SAML SP Single Sign On < 4.8.84 - Cross-Site Scripting (XSS) via Crafted SAML XML Response

Affects Plugin

fixed in version 4.8.84

References

CVE 2020-6850
URL https://zeroauth.ltd/blog/2020/01/28/cve-2020-6850-miniorange-saml-wp-plugin-before-4-8-84-is-vulnerable-to-xss-via-a-specially-crafted-saml-xml-response/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Zeroauth
Views 1517
Verified No
WPVDB ID 10072

Timeline

Publicly Published 2020-01-28 (4 months ago)
Added 2020-02-17 (3 months ago)
Last Updated 2020-02-18 (3 months ago)
