Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS).This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3.
AnalysisAI
A Cross-Site Scripting (XSS) vulnerability exists in the Drupal SAML SSO - Service Provider module due to improper neutralization of user input during web page generation. All versions prior to 3.1.3 are affected, allowing attackers to inject malicious scripts that execute in the browsers of users interacting with SAML authentication flows. The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), and while no CVSS score or EPSS data is currently available, the nature of XSS in authentication modules represents a significant risk to credential theft and session hijacking.
Technical ContextAI
The SAML SSO - Service Provider module (cpe:2.3:a:drupal:saml_sso_-_service_provider) is a Drupal contrib module that implements SAML 2.0 service provider functionality, enabling single sign-on integration with enterprise identity providers. The vulnerability stems from CWE-79, which occurs when user-controlled input derived from SAML assertions, HTTP parameters, or other sources is rendered into HTML or JavaScript contexts without proper encoding or sanitization. In the context of SAML authentication, this commonly affects attribute mapping, error messages, or user metadata displayed during or after authentication. The module's failure to neutralize special characters (such as angle brackets, quotes, or event handlers) before rendering them in web pages allows attackers to break out of intended HTML contexts and execute arbitrary JavaScript.
RemediationAI
Immediately upgrade the SAML SSO - Service Provider module to version 3.1.3 or later. This patch version contains fixes for the XSS vulnerability and should be applied as the primary remediation. Until the upgrade can be deployed, implement Content Security Policy (CSP) headers with script-src restrictions and X-XSS-Protection headers on the web server to mitigate XSS execution. Additionally, restrict access to SAML authentication endpoints to trusted networks only, monitor for suspicious authentication patterns, and audit SAML attribute mappings to ensure no user-controlled data is rendered without HTML entity encoding. Consult the Drupal security advisory at https://www.drupal.org/sa-contrib-2026-018 for detailed patch notes and deployment guidance.
More in Saml Sso Service Provider
View allSame weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15477
GHSA-p74c-x8rc-vp4m