CVE-2020-6850

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.
Configurations

Configuration 1

cpe:2.3:a:miniorange:saml_sp_single_sign_on:*:*:*:*:*:wordpress:*:*

Information

Published : 2020-02-17 04:15

Updated : 2020-02-20 05:37


NVD link : CVE-2020-6850

Mitre link : CVE-2020-6850

Products Affected
No products.
CWE