CVE-2019-3872

Name of the Vulnerable Software and Affected Versions Jboss Application Platform versions 7.1.x through 7.2.x

Description A security issue was discovered where a SAMLRequest containing a script could be processed, allowing an attacker to send a malicious script and achieve cross-site scripting. This could result in obtaining unauthorized information or conducting further attacks. The vulnerability exists due to inadequate protection of the web page structure, which may allow a remote attacker to perform cross-site scripting attacks and disclose protected information by using a SAMLRequest containing a malicious script.

Recommendations For Jboss Application Platform versions 7.1.x through 7.2.x, consider disabling the processing of SAMLRequests containing scripts as a temporary workaround until a patch is available. Restrict access to sensitive information and minimize the risk of exploitation by implementing additional security measures, such as input validation and proper output encoding. At the moment, there is no information about a newer version that contains a fix for this vulnerability.