oss-sec mailing list archives
Shibboleth plugin for WordPress: CVE-2017-14313: XSS vulnerability due to improper use of add_query_arg()
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 12 Sep 2017 20:26:40 +0200
Hi

MITRE has assigned CVE-2017-14313 for the following cross-site scripting vulnerability in the Shibboleth plugin for WordPress, caused by improper use of add_query_arg(), found in the shibboleth_login_form function in shibboleth.php.

Decided to still forward the assignment here to the list even as Dominic mentioned the issue was long known already, but apparently at least never reported in Debian. Only now a CVE was requested, triggered by the bug report in Debian:

https://bugs.debian.org/874416

Upstream fix (contained in 1.8):

https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a

Regards,
Salvatore
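The bug class named in the advisory, shown as an added example that is not taken from the post or from the plugin's source: add_query_arg() called without a URL builds on the current request URI and does no escaping, so its result has to pass through esc_url() before it is written into an attribute. The two stand-in functions (simplified so the file runs outside WordPress), the renderer names, the `action=shibboleth` parameter and the request URI are assumptions made for illustration.

```php
<?php
// Added illustration, not the Shibboleth plugin's code. The two stand-ins below are
// simplified assumptions so the file runs outside WordPress; inside WordPress the
// real add_query_arg() and esc_url() are used instead.
if (!function_exists('add_query_arg')) {
    function add_query_arg($key, $value, $url = false) {
        // Like WordPress, fall back to the current request URI when no URL is given.
        $url = ($url === false) ? $_SERVER['REQUEST_URI'] : $url;
        $sep = (strpos($url, '?') === false) ? '?' : '&';
        return $url . $sep . $key . '=' . $value; // no escaping happens here
    }
}
if (!function_exists('esc_url')) {
    function esc_url($url) {
        // Simplified: the real esc_url() also checks the scheme and strips bad characters.
        return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    }
}

// Hypothetical renderers for a login link (names and parameter are assumptions).
function login_link_unsafe() {
    // Request-derived URL written straight into an HTML attribute.
    return '<a href="' . add_query_arg('action', 'shibboleth') . '">Log in</a>';
}

function login_link_escaped() {
    // Same URL, escaped for output before it reaches the attribute.
    return '<a href="' . esc_url(add_query_arg('action', 'shibboleth')) . '">Log in</a>';
}

// Constructed request URI carrying markup in the query string.
$_SERVER['REQUEST_URI'] = '/wp-login.php?x="><i>injected</i>';

foreach (['login_link_unsafe', 'login_link_escaped'] as $render) {
    $html = $render();
    // The attribute is broken out of if the raw "> sequence survives into the output.
    $broken = strpos($html, '"><i>') !== false;
    printf("%-20s breaks out of href: %s\n  %s\n", $render, $broken ? 'yes' : 'no', $html);
}
```

When auditing other plugins for the same pattern, look for add_query_arg() or remove_query_arg() results that are echoed or concatenated into markup without esc_url().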