CVE-2017-14313
MEDIUMShibboleth < 1.7 - Cross-Site Scripting via shibboleth_login_form
Title source: llmDescription
The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg().
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/8901
Patch, Third Party Advisory x_refsource_confirm
https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3973
Mailing List, Patch, Third Party Advisory x_refsource_confirm
https://bugs.debian.org/874416
Scores
CVSS v3
6.1
EPSS
0.0146
EPSS Percentile
70.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
shibboleth_project/shibboleth
< 1.7
Published
Sep 12, 2017
Tracked Since
Feb 18, 2026