Shibboleth Service Provider Multiple XSS Vulnerabilities (Win)

The host has Shibboleth Service Provider installed and is prone to multiple Cross-Site Scripting vulnerabilities.
Successful exploitation could allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms. Impact Level: Application.
Upgrade Shibboleth Service Provider version 1.3.5 or 2.3 or later.
The flaws are due to an error within the sanitation of certain URLs. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when malicious data is viewed.
Shibboleth Service Provider version 1.3.x before 1.3.5 and 2.x before 2.3 on Windows.