2021-03-22 07:02:05
mitre
PUBLISHED
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.