Headline
CVE-2022-32286
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations, the SAML module is vulnerable to cross-site scripting (XSS) attacks due to insufficient sanitization of error messages. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link.