Quick Kangaroo

#21040 of 53,624
11.8 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2014-2830
7.5
2014-05-13
Drupal · Drupalauth · CVE-2013-4552
**Name of the Vulnerable Software and Affected Versions**
drupalauth module versions prior to 1.2.2

**Description**
The issue allows remote attackers to authenticate as an arbitrary user via the `uid` in a cookie. This is due to a flaw in the lib/Auth/Source/External.php file of the drupalauth module for simpleSAMLphp.

**Recommendations**
For versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation. Avoid using the `uid` variable in cookies until the issue is resolved.
PT-2012-2942
4.3
2012-01-24
Simplesamlphp · Simplesamlphp · CVE-2012-0908
**Name of the Vulnerable Software and Affected Versions**
SimpleSAMLphp versions prior to 1.8.2

**Description**
A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `link href` parameter in the logout.php file.

**Recommendations**
For versions prior to 1.8.2, update to version 1.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the logout.php file or sanitizing the `link href` parameter to prevent malicious input.