{"id":"CVE-2017-14313","details":"The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg().","modified":"2026-04-11T12:05:07.919680Z","published":"2017-09-12T00:29:00.193Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"1.7"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:shibboleth_project:shibboleth:*:*:*:*:*:wordpress:*:*"}]},"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3973"},{"type":"ADVISORY","url":"https://wpvulndb.com/vulnerabilities/8901"},{"type":"FIX","url":"https://bugs.debian.org/874416"},{"type":"FIX","url":"https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/michaelryanmcneill/shibboleth","events":[{"introduced":"0"},{"fixed":"b95eac843be2b872afb0fd0073977f95de914abf"},{"fixed":"1d65ad6786282d23ba1865f56e2fd19188e7c26a"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.8"}],"source":["DESCRIPTION","REFERENCES"]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14313.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}