Security Advisory

CVE-2020-6850

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-02-17 15:01:33

Last updated 2024-08-04 09:11:05

Assigner mitre

State PUBLISHED

Description

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.

← Browse all CVEs View on cve.org ↗