SAML Consumer Service XSS vulnerability

Description

The web application uses SAML. The web application's SAML Consumer Service is vulnerable to XSS due to lack of sanitization of values from SAMLResponse.
An unauthenticated attacker may be able to use it to attack other users.

Remediation

Apply context-dependent sanitization to SAMLResponse values rendered on a page

References

Cross Site Scripting Prevention Cheat Sheet

Related Vulnerabilities

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Cross-Site Scripting (1.7.2)

WordPress Plugin Relevanssi-A Better Search Cross-Site Scripting (4.0.4)

Apache Tomcat version older than 6.0.11

WordPress Plugin WP-reCAPTCHA Cross-Site Scripting (3.1.3)

WordPress Plugin Events Manager Cross-Site Scripting (5.8.1.1)

Severity

High

Classification

CWE-80 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N