Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Internet2 | Identity Provider | 1.3 |
| Internet2 | Service Provider | 1.3 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/37237Vendor Advisory
- http://shibboleth.internet2.edu/secadv/secadv_20091104.txtVendor Advisory
- http://www.debian.org/security/2009/dsa-1947
- http://www.vupen.com/english/advisories/2009/3150Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54140
- http://secunia.com/advisories/37237Vendor Advisory
- http://shibboleth.internet2.edu/secadv/secadv_20091104.txtVendor Advisory
- http://www.debian.org/security/2009/dsa-1947
- http://www.vupen.com/english/advisories/2009/3150Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54140
FAQ
What is CVE-2009-3300?
CVE-2009-3300 is a vulnerability with a CVSS score of 2.6 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2...
How severe is CVE-2009-3300?
CVE-2009-3300 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3300?
Check the references section above for vendor advisories and patch information. Affected products include: Internet2 Identity Provider, Internet2 Service Provider.