CVE-2012-0908

Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter.
Cross-site Scripting
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:N/I:P/A:N
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
simplesamlphpsimplesamlphp
𝑥
≤ 1.8.1
simplesamlphpsimplesamlphp
0.4
simplesamlphpsimplesamlphp
0.5
simplesamlphpsimplesamlphp
1.0
simplesamlphpsimplesamlphp
1.1
simplesamlphpsimplesamlphp
1.2
simplesamlphpsimplesamlphp
1.3
simplesamlphpsimplesamlphp
1.4
simplesamlphpsimplesamlphp
1.5
simplesamlphpsimplesamlphp
1.5.1
simplesamlphpsimplesamlphp
1.6
simplesamlphpsimplesamlphp
1.6.1
simplesamlphpsimplesamlphp
1.6.2
simplesamlphpsimplesamlphp
1.6.3
simplesamlphpsimplesamlphp
1.7
simplesamlphpsimplesamlphp
1.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
simplesamlphp
bullseye
1.19.0-1
fixed
sid
1.19.7-1
fixed
trixie
1.19.7-1
fixed
bookworm
1.19.7-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
simplesamlphp
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
ignored
natty
ignored
maverick
ignored
lucid
dne
hardy
dne