PT-2023-9886 · Unknown · Simplesamlphp+1
Published 2023-01-01 · Updated 2024-08-07 · CVE-2010-10002
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp simplesamlphp-module-openid, versions prior to 1.0

Description: A vulnerability has been found in the OpenID Handler component of SimpleSAMLphp simplesamlphp-module-openid. The issue affects an unknown function in the file templates/consumer.php. Manipulation of the AuthState argument leads to cross-site scripting. The attack can be launched remotely. The complexity of an attack is rather high, and exploitation is reported to be difficult.

Recommendations: For versions prior to 1.0, upgrade to version 1.0 to address this issue. As a temporary workaround, consider restricting access to the OpenID Handler component until the upgrade is applied. Avoid using the AuthState argument in the affected component until the issue is resolved.
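The class of defect described above, as an added example that is not code from SimpleSAMLphp or its openid module (the real templates/consumer.php is not reproduced here): a hypothetical PHP template helper that has to carry a request-supplied AuthState value back into HTML, shown in its unsafe and its output-encoded form. The function names and the sample value are assumptions.

```php
<?php
// Added example, not code from SimpleSAMLphp or the openid module: a
// hypothetical template helper that places a request-supplied AuthState
// value into HTML, in its vulnerable and its hardened form.

/**
 * Encode a string for insertion into HTML text or a double-quoted attribute.
 * ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid
 * UTF-8 sequences instead of returning an empty string.
 */
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern (illustration only): the raw value becomes part of the
// markup, so any markup it carries is interpreted by the browser.
function render_auth_state_field_unsafe(string $authState): string
{
    return '<input type="hidden" name="AuthState" value="' . $authState . '">';
}

// Hardened pattern: the same field, with the value encoded for the attribute
// context it lands in. The round-trip value is preserved because the browser
// decodes the entities when it reads the attribute.
function render_auth_state_field(string $authState): string
{
    return '<input type="hidden" name="AuthState" value="' . html_encode($authState) . '">';
}

// Constructed sample input: an AuthState value carrying HTML metacharacters.
$sample = '_abc123"><b>injected</b>';

// A well-formed AuthState survives unchanged.
assert(render_auth_state_field('_abc123') === '<input type="hidden" name="AuthState" value="_abc123">');
// The hardened output contains no unencoded quote or angle bracket from the input.
assert(render_auth_state_field($sample) === '<input type="hidden" name="AuthState" value="_abc123&quot;&gt;&lt;b&gt;injected&lt;/b&gt;">');
// The unsafe rendering lets the input close the attribute and the tag.
assert(strpos(render_auth_state_field_unsafe($sample), '"><b>') !== false);

// In a template the value would come from the request, for example:
// echo render_auth_state_field($_REQUEST['AuthState'] ?? '');
```

The same encoding function does not cover every output context: a value placed inside a JavaScript block or a URL needs the encoding appropriate to that context rather than HTML entity encoding.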

Fix · XSS

Weakness Enumeration

Related Identifiers: CVE-2010-10002, GHSA-GGJ9-6X8J-49W9

Affected Products: Simplesamlphp, Simplesamlphp-Module-Openid