ID de Prueba:	1.3.6.1.4.1.25623.1.0.801148
Categoría:	Web application abuses
Título:	Shibboleth Service Provider Multiple XSS Vulnerabilities - Windows
Resumen:	Shibboleth Service Provider is prone to multiple cross-site scripting (XSS) vulnerabilities.
Descripción:	Summary: Shibboleth Service Provider is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: The flaws are due to an error within the sanitation of certain URLs. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when malicious data is viewed. Vulnerability Impact: Successful exploitation could allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms. Affected Software/OS: Shibboleth Service Provider version 1.3.x before 1.3.5 and 2.x before 2.3 on Windows. Solution: Upgrade Shibboleth Service Provider version 1.3.5 or 2.3 or later. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3300 Debian Security Information: DSA-1947 (Google Search) http://www.debian.org/security/2009/dsa-1947 http://secunia.com/advisories/37237 http://www.vupen.com/english/advisories/2009/3150 XForce ISS Database: identity-url-xss(54140) https://exchange.xforce.ibmcloud.com/vulnerabilities/54140
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.