The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser. External References: https://simplesamlphp.org/security/201709-01
External References: https://simplesamlphp.org/security/201709-01
Created php-simplesamlphp-saml2 tracking bugs for this issue: Affects: fedora-all [bug 1552876] Affects: epel-all [bug 1552877]
CVE-2017-18121 (SSPSA 201709-01) is for the SimpleSAMLphp application not the php-simplesamlphp/saml2 library Dependent bugs have been closed as not a bug. Please close this bug as well.
All dependent bugs are closed. Please close.