What the vulnerability does
01 Description
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS). This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3.
Explanation of Vulnerability in Simple Terms
02 Summary
The SAML SSO - Service Provider module for Drupal contains a cross-site scripting (XSS) vulnerability in versions before 3.1.3. An attacker can inject malicious scripts that execute in users' browsers when they interact with SAML authentication flows. The vulnerability stems from insufficient input sanitization in SAML response handling. Update to version 3.1.3 or later to remediate.
What an attacker can do
03 Attacker Capabilities
Inject malicious JavaScript that runs in users' browsers during SAML authentication.
Potential impact on your site
04 Site Impact
Attackers can steal session cookies, redirect users, or deface content seen during SAML login flows.
Conditions required to exploit
05 Prerequisites
User interaction required; victim must visit a page or click a link containing the malicious payload.
Key dates
06 Disclosure timeline
March 25, 2026: CVE published
March 25, 2026: Record updated