Vulnerabilities > Simplesamlphp > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-17 | CVE-2010-10008 | Unspecified vulnerability in Simplesamlphp Simplesamlphp-Module-Openidprovider: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. | 5.4 |
2023-01-09 | CVE-2010-10004 | Unspecified vulnerability in Simplesamlphp Information Cards Module 1.0/1.0.1/1.0.2: A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. | 6.1 |
2023-01-01 | CVE-2010-10002 | Unspecified vulnerability in Simplesamlphp Simplesamlphp-Module-Openid: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. | 6.1 |
2020-01-24 | CVE-2020-5226 | Cross-site Scripting vulnerability in Simplesamlphp: Cross-site scripting in SimpleSAMLphp before version 1.18.4. | 5.4 |
2020-01-24 | CVE-2020-5225 | Information Exposure Through Log Files vulnerability in Simplesamlphp: Log injection in SimpleSAMLphp before version 1.18.4. | 5.4 |
2018-02-02 | CVE-2017-18121 | Cross-site Scripting vulnerability in multiple products: The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser. | 6.1 |
2018-02-02 | CVE-2018-6520 | Open Redirect vulnerability in Simplesamlphp: SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. | 6.1 |
2017-09-01 | CVE-2017-12872 | Information Exposure vulnerability in multiple products: The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. | 5.9 |
2017-09-01 | CVE-2017-12871 | Inadequate Encryption Strength vulnerability in Simplesamlphp: The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). | 5.9 |
2017-09-01 | CVE-2017-12870 | Information Exposure vulnerability in Simplesamlphp: SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. | 5.9 |