Date
Severity: Critical
Vulnerability: Cross-site scripting
Affected versions: <7.x-2.73

Description

The SAML SSO - Service Provider module enables you to perform SAML protocol-based single sign-on (SSO) on a Drupal site.

The module doesn't sufficiently sanitize user input, leading to a reflected cross-site scripting (XSS) vulnerability.

Solution

Install the latest version.

If you use the SAML SSO - Service Provider module for Drupal 7, upgrade to SAML SSO - Service Provider 7.x-2.73:
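
To confirm whether an installed copy falls in the affected range (<7.x-2.73), the version check can be scripted. This is an added example, not code from the module or from this advisory; it assumes the `version = "..."` line that drupal.org packaging writes into a module's .info file, uses a constructed sample .info text with placeholder names, and by assumption treats pre-releases of 7.x-2.73 as affected and dev snapshots as unknown.

```python
import re

FIXED = (2, 73)  # 7.x-2.73, the fixed release named in the advisory

# Drupal 7 contrib version forms: 7.x-2.73, 7.x-2.73-rc1, 7.x-2.72+3-dev, 7.x-2.x-dev
VERSION_RE = re.compile(
    r'^7\.x-(\d+)\.(\d+|x)(?:-(alpha|beta|rc)\d+)?(\+\d+)?(-dev)?$')
INFO_VERSION_RE = re.compile(r'^\s*version\s*=\s*"?([^"\s]+)"?\s*$', re.MULTILINE)

# Constructed sample; the names are placeholders, not the module's real .info content.
SAMPLE_INFO = '''name = Example SAML module
core = 7.x
; Information added by Drupal.org packaging script
version = "7.x-2.71"
project = "example_module"
'''


def version_from_info(info_text):
    """Return the packaged version string from .info text, or None when the
    line is absent (for example a git checkout that was never packaged)."""
    m = INFO_VERSION_RE.search(info_text)
    return m.group(1) if m else None


def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for a 7.x contrib version."""
    m = VERSION_RE.match(version or "")
    if not m:
        return "unknown"
    major, minor, prerelease, plus, dev = m.groups()
    if minor == "x" or plus or dev:
        return "unknown"  # dev snapshot: the string cannot show whether the fix is in
    release = (int(major), int(minor))
    if release < FIXED:
        return "affected"
    if release == FIXED and prerelease:
        return "affected"  # assumption: a 2.73 pre-release sorts before the fix
    return "fixed"


if __name__ == "__main__":
    found = version_from_info(SAMPLE_INFO)
    print(found, "->", classify(found))
```

An "unknown" result (dev snapshot or missing version line) needs a manual comparison against the 7.x-2.73 release.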


Reported by

Fixed by

Coordinated by