Test ID:	1.3.6.1.4.1.25623.1.0.801148
Category:	Web application abuses
Title:	Shibboleth Service Provider Multiple XSS Vulnerabilities - Windows
Summary:	Shibboleth Service Provider is prone to multiple cross-site scripting (XSS) vulnerabilities.
Description:	Summary: Shibboleth Service Provider is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: The flaws are due to an error within the sanitation of certain URLs. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when malicious data is viewed. Vulnerability Impact: Successful exploitation could allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms. Affected Software/OS: Shibboleth Service Provider version 1.3.x before 1.3.5 and 2.x before 2.3 on Windows. Solution: Upgrade Shibboleth Service Provider version 1.3.5 or 2.3 or later. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3300 Debian Security Information: DSA-1947 (Google Search) http://www.debian.org/security/2009/dsa-1947 http://secunia.com/advisories/37237 http://www.vupen.com/english/advisories/2009/3150 XForce ISS Database: identity-url-xss(54140) https://exchange.xforce.ibmcloud.com/vulnerabilities/54140
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.