CVE-2010-10002

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. Manipulation of the argument AuthState leads to cross-site scripting. The attack can be launched remotely. The attack complexity is rather high, and exploitation is reported to be difficult. Upgrading to version 1.0 addresses this issue. The patch is identified as d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Configurations

Configuration 1

cpe:2.3:a:simplesamlphp:simplesamlphp-module-openid:*:*:*:*:*:*:*:*

History

11 Apr 2024, 00:46

Type Values Removed Values Added
Summary
  • (es) ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. An unknown function of the file templates/consumer.php of the component OpenID Handler is affected by this vulnerability. Manipulation of the argument AuthState leads to cross-site scripting. The attack can be launched remotely. The attack complexity is rather high. Exploitability is said to be difficult. Upgrading to version 1.0 can resolve this issue. The patch is identified as d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the vendor.

29 Feb 2024, 01:10

Type Values Removed Values Added
New CVE

Information

Published : 2023-01-01 17:15

Updated : 2024-08-07 05:16


NVD link : CVE-2010-10002

Mitre link : CVE-2010-10002

CVE.ORG link : CVE-2010-10002



Products Affected

simplesamlphp

  • simplesamlphp-module-openid
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')