Security Advisory

CVE-2019-3873

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-06-12 13:43:46

Last updated 2024-08-04 19:19:18

Assigner redhat

State PUBLISHED

Description

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.

← Browse all CVEs View on cve.org ↗