Miniorange: >> Saml Sp Single Sign On >> 4.8.80 Security Vulnerabilities
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-17