Search for packages
| purl | pkg:deb/debian/simplesamlphp@1.6.3-3 |
| Next non-vulnerable version | 1.13.1-2+deb8u1 |
| Latest non-vulnerable version | 1.13.1-2+deb8u1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-pskx-9d46-bfdt
Aliases: CVE-2017-18121 GHSA-fv7m-wc3v-wr3w |
Cross-site Scripting The consentAdmin module in SimpleSAMLphp is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser. |
Affected by 0 other vulnerabilities. |
|
VCID-ucwf-xdma-h7fc
Aliases: CVE-2018-6519 GHSA-hhm8-2j4g-mpgg |
Injection Vulnerability The SAML2 library in `SimpleSAMLphp` has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. |
Affected by 0 other vulnerabilities. |
|
VCID-yn8q-d76k-q3h2
Aliases: CVE-2017-12869 GHSA-qc43-78vj-vg7p |
Improper Input Validation The multiauth module in `SimpleSAMLphp` allows remote attackers to bypass authentication context restrictions and use an authentication source defined in `config/authsources.php` via vectors related to improper validation of user input. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:43:01.544318+00:00 | Debian Oval Importer | Affected by | VCID-ucwf-xdma-h7fc | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 38.6.0 |
| 2026-06-04T20:40:08.067032+00:00 | Debian Oval Importer | Affected by | VCID-yn8q-d76k-q3h2 | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 38.6.0 |
| 2026-06-04T20:39:55.871589+00:00 | Debian Oval Importer | Affected by | VCID-pskx-9d46-bfdt | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 38.6.0 |