Skip to main content

Saml Sso Service Provider

2 CVEs product

Monthly

CVE-2026-5343 PHP HIGH PATCH This Week

Privilege escalation in the Drupal SAML SSO - Service Provider contributed module (versions prior to 3.1.4) allows remote unauthenticated attackers to gain elevated privileges by exploiting improper handling of exceptional conditions during SAML authentication flows. The CVSS 7.4 (High) score reflects high attack complexity but network reachability and no authentication requirement, with confidentiality and integrity impact. EPSS probability is very low (0.02%, 5th percentile) and there is no public exploit identified at time of analysis.

Privilege Escalation Saml Sso Service Provider
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-3217 PHP MEDIUM PATCH This Month

A Cross-Site Scripting (XSS) vulnerability exists in the Drupal SAML SSO - Service Provider module due to improper neutralization of user input during web page generation. All versions prior to 3.1.3 are affected, allowing attackers to inject malicious scripts that execute in the browsers of users interacting with SAML authentication flows. The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), and while no CVSS score or EPSS data is currently available, the nature of XSS in authentication modules represents a significant risk to credential theft and session hijacking.

XSS Saml Sso Service Provider
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Privilege escalation in the Drupal SAML SSO - Service Provider contributed module (versions prior to 3.1.4) allows remote unauthenticated attackers to gain elevated privileges by exploiting improper handling of exceptional conditions during SAML authentication flows. The CVSS 7.4 (High) score reflects high attack complexity but network reachability and no authentication requirement, with confidentiality and integrity impact. EPSS probability is very low (0.02%, 5th percentile) and there is no public exploit identified at time of analysis.

Privilege Escalation Saml Sso Service Provider
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

A Cross-Site Scripting (XSS) vulnerability exists in the Drupal SAML SSO - Service Provider module due to improper neutralization of user input during web page generation. All versions prior to 3.1.3 are affected, allowing attackers to inject malicious scripts that execute in the browsers of users interacting with SAML authentication flows. The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), and while no CVSS score or EPSS data is currently available, the nature of XSS in authentication modules represents a significant risk to credential theft and session hijacking.

XSS Saml Sso Service Provider
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy