Candidate: CVE-2009-3300
PublicDate: 2009-11-06 15:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3300
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_opensaml2:
upstream_opensaml2: released (2.3)
dapper_opensaml2: DNE
hardy_opensaml2: DNE
intrepid_opensaml2: needs-triage (reached end-of-life)
jaunty_opensaml2: released (2.0-2+lenny2build0.9.04.1)
karmic_opensaml2: ignored (reached end-of-life)
lucid_opensaml2: not-affected (2.3-1build1)
maverick_opensaml2: not-affected (2.3-1build1)
natty_opensaml2: not-affected (2.3-1build1)
oneiric_opensaml2: not-affected (2.3-1build1)
devel_opensaml2: not-affected (2.3-1build1)

Patches_shibboleth-sp:
upstream_shibboleth-sp: needs-triage
dapper_shibboleth-sp: DNE
hardy_shibboleth-sp: ignored (reached end-of-life)
intrepid_shibboleth-sp: needs-triage (reached end-of-life)
jaunty_shibboleth-sp: ignored (reached end-of-life)
karmic_shibboleth-sp: DNE
lucid_shibboleth-sp: DNE
maverick_shibboleth-sp: DNE
natty_shibboleth-sp: DNE
oneiric_shibboleth-sp: DNE
devel_shibboleth-sp: DNE

Patches_shibboleth-sp2:
upstream_shibboleth-sp2: released (2.3)
dapper_shibboleth-sp2: DNE
hardy_shibboleth-sp2: DNE
intrepid_shibboleth-sp2: DNE
jaunty_shibboleth-sp2: ignored (reached end-of-life)
karmic_shibboleth-sp2: ignored (reached end-of-life)
lucid_shibboleth-sp2: not-affected (2.3+dfsg-1build1)
maverick_shibboleth-sp2: not-affected (2.3+dfsg-1build1)
natty_shibboleth-sp2: not-affected (2.3+dfsg-1build1)
oneiric_shibboleth-sp2: not-affected (2.3+dfsg-1build1)
devel_shibboleth-sp2: not-affected (2.3+dfsg-1build1)

Patches_xmltooling:
upstream_xmltooling: released (1.3.1)
dapper_xmltooling: DNE
hardy_xmltooling: DNE
intrepid_xmltooling: needs-triage (reached end-of-life)
jaunty_xmltooling: ignored (reached end-of-life)
karmic_xmltooling: ignored (reached end-of-life)
lucid_xmltooling: not-affected (1.3.1-1)
maverick_xmltooling: not-affected (1.3.1-1)
natty_xmltooling: not-affected (1.3.1-1)
oneiric_xmltooling: not-affected (1.3.1-1)
devel_xmltooling: not-affected (1.3.1-1)