CVE-2019-3873

CVE-2019-3873 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.

Learn more about our Web Application Penetration Testing UK.