CVE-2009-3300

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/54140

http://www.vupen.com/english/advisories/2009/3150

http://www.debian.org/security/2009/dsa-1947

http://shibboleth.internet2.edu/secadv/secadv_20091104.txt

http://secunia.com/advisories/37237

Details

Source: Mitre, NVD

Published: 2009-11-06

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium