Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/zendesk/samlr/compare/v2.6.1...v2.6.2 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-26T11:41:03
Updated: 2024-08-05T12:12:29.361Z
Reserved: 2019-07-26T00:00:00
Link: CVE-2018-20857
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-07-26T12:15:11.400
Modified: 2019-08-01T16:59:06.440
Link: CVE-2018-20857
Redhat
No data.