PT-2023-9891 · Unknown · Simplesamlphp+1

Published: 2023-01-17 · Updated: 2024-08-07 · CVE-2010-10008

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: simplesamlphp simplesamlphp-module-openidprovider versions up to 0.8.x

Description: A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider. The issue affects an unknown functionality of the file templates/trust.tpl.php. Manipulation of the argument StateID leads to cross-site scripting. The attack can be launched remotely.

Recommendations: Upgrade to version 0.9.0 to address this issue. As a temporary workaround, consider restricting access to the templates/trust.tpl.php file until a patch is available. Avoid using the argument StateID in the affected functionality until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2010-10008
GHSA-CHGC-RQJR-46GG

Affected Products

Simplesamlphp
Simplesamlphp-Module-Openidprovider