Miniorange: >> Saml Sp Single Sign On >> 4.8.65 Security Vulnerabilities
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-17
In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-06-24