CVE-2026-3217

Medium CVSS: 6.1

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS).This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3.

Vendor

Miniorange

Product

Saml Sso - Service Provider

CWE

CWE-79

Yayın Tarihi

2026-03-25 16:16:22

Güncelleme

2026-03-31 19:25:48

Source Identifier

mlhess@drupal.org

KEV Date Added

Kategoriler

CWE-79 Saml Sso - Service Provider MEDIUM Miniorange 2026

Referanslar

https://www.drupal.org/sa-contrib-2026-018

Benzer Kayıtlar

Medium

CVE-2025-6675

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows…

High

CVE-2025-47708

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forg…

Medium

CVE-2025-47709

Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affect…

High

CVE-2025-47710

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows…

Medium

CVE-2025-47706

Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services w…

High

CVE-2025-47707

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows…