Description
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.
Remediation
References
Related Vulnerabilities
WordPress Plugin Font Organizer Cross-Site Scripting (2.1.1)
Oracle Application Server Other Vulnerability (CVE-2001-1217)
WordPress Plugin File Manager Arbitrary File Upload (6.8)
WordPress Plugin Visual Form Builder Cross-Site Scripting (2.8.4)
WordPress Plugin Store Locator Plus for WordPress SQL Injection (3.8.6)