Vulnerabilities > Simplesamlphp

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2023-11-30 | CVE-2023-49087 | Insufficient Verification of Data Authenticity vulnerability in Simplesamlphp Saml2 and Xml-Security | xml-security is a library that implements XML signatures and encryption. | network, low complexity, simplesamlphp, CWE-345 | 7.5 |
| 2023-01-17 | CVE-2010-10008 | Cross-site Scripting vulnerability in Simplesamlphp Simplesamlphp-Module-Openidprovider | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. | network, low complexity, simplesamlphp, CWE-79 | 5.4 |
| 2023-01-09 | CVE-2010-10004 | Cross-site Scripting vulnerability in Simplesamlphp Information Cards Module 1.0/1.0.1/1.0.2 | A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. | network, low complexity, simplesamlphp, CWE-79 | 6.1 |
| 2023-01-01 | CVE-2010-10002 | Cross-site Scripting vulnerability in Simplesamlphp Simplesamlphp-Module-Openid | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. | network, low complexity, simplesamlphp, CWE-79 | 6.1 |
| 2020-04-21 | CVE-2020-5301 | Improper Handling of Case Sensitivity vulnerability in Simplesamlphp | SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. | | 3.5 |
| 2020-01-24 | CVE-2020-5226 | Cross-site Scripting vulnerability in Simplesamlphp | Cross-site scripting in SimpleSAMLphp before version 1.18.4. | | 3.5 |
| 2020-01-24 | CVE-2020-5225 | Information Exposure Through Log Files vulnerability in Simplesamlphp | Log injection in SimpleSAMLphp before version 1.18.4. | network, low complexity, simplesamlphp, CWE-532 | 5.5 |
| 2019-11-07 | CVE-2019-3465 | Improper Verification of Cryptographic Signature vulnerability in multiple products | Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. | | 8.8 |
| 2019-11-06 | CVE-2011-4625 | Improper Handling of Exceptional Conditions vulnerability in multiple products | simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages. | network, low complexity, simplesamlphp, debian, CWE-755 | 5.0 |
| 2018-03-05 | CVE-2018-7711 | Improper Verification of Cryptographic Signature vulnerability in multiple products | HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. | | 6.8 |