CVE-2010-10002 LOW

CVE-2010-10002: SimpleSAMLphp simplesamlphp-module-openid OpenID consumer.php cross site scripting

Vendor Simplesamlphp
Product simplesamlphp-module-openid
Weakness CWE-79 · XSS
Published January 1, 2023
Last update August 7, 2024
View on NVD All CVEs

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is identified as d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

January 1, 2023 CVE published
August 7, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-40497 FreeScout Vulnerable to CSS Injection via Stored Style Tag in Mailbox Signature (CSRF Token Exfiltration) CVE-2025-22356 WordPress Stencies plugin <= 0.58 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-10753 PHPGurukul Online Shopping Portal dom_data_two_headers.php cross site scripting CVE-2021-24654 User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting CVE-2025-5507 TOTOLINK A3002RU MAC Filtering Page cross site scripting