Jboss EAP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-3872
Reference:
CVE-2019-3872
Title:
Jboss EAP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks.