{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3217", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2026-02-25T16:59:33.466Z", "datePublished": "2026-03-25T15:24:30.977Z", "dateUpdated": "2026-03-25T19:59:46.310Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-25T15:24:30.977Z"}, "title": "SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018", "datePublic": "2026-02-25T18:51:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\")", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"vendor": "Drupal", "product": "SAML SSO - Service Provider", "collectionURL": "https://www.drupal.org/project/miniorange_saml", "repo": "https://git.drupalcode.org/project/miniorange_saml", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.1.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS).This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS).<p>This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3.</p>"}]}], "references": [{"url": "https://www.drupal.org/sa-contrib-2026-018"}], "credits": [{"lang": "en", "value": "Drew Webber (mcdruid)", "type": "finder"}, {"lang": "en", "value": "Sudhanshu Dhage (sudhanshu0542)", "type": "remediation developer"}, {"lang": "en", "value": "Drew Webber (mcdruid)", "type": "coordinator"}, {"lang": "en", "value": "Juraj Nemec (poker10)", "type": "coordinator"}, {"lang": "en", "value": "Jess (xjm)", "type": "coordinator"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T19:59:29.225129Z", "id": "CVE-2026-3217", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T19:59:46.310Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3217", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T19:59:29.225129Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T19:59:39.723Z"}}], "cna": {"title": "SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Drew Webber (mcdruid)"}, {"lang": "en", "type": "remediation developer", "value": "Sudhanshu Dhage (sudhanshu0542)"}, {"lang": "en", "type": "coordinator", "value": "Drew Webber (mcdruid)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "coordinator", "value": "Jess (xjm)"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"repo": "https://git.drupalcode.org/project/miniorange_saml", "vendor": "Drupal", "product": "SAML SSO - Service Provider", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.1.3", "versionType": "semver"}], "collectionURL": "https://www.drupal.org/project/miniorange_saml", "defaultStatus": "unaffected"}], "datePublic": "2026-02-25T18:51:00.000Z", "references": [{"url": "https://www.drupal.org/sa-contrib-2026-018"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS).This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS).<p>This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\")"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-25T15:24:30.977Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3217", "state": "PUBLISHED", "dateUpdated": "2026-03-25T19:59:46.310Z", "dateReserved": "2026-02-25T16:59:33.466Z", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "datePublished": "2026-03-25T15:24:30.977Z", "assignerShortName": "drupal"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:miniorange:saml_sso_-_service_provider:*:*:*:*:*:drupal:*:*", "matchCriteriaId": "BB6BBFD3-F6DF-4228-8274-DD15EE729698", "versionEndExcluding": "3.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS).This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3."}, {"lang": "es", "value": "Vulnerabilidad de Neutralizaci\u00f3n Inadecuada de la Entrada Durante la Generaci\u00f3n de P\u00e1ginas Web ('cross-site scripting') en Drupal SAML SSO - Service Provider permite cross-site scripting (XSS). Este problema afecta a SAML SSO - Service Provider: desde 0.0.0 hasta antes de 3.1.3."}], "id": "CVE-2026-3217", "lastModified": "2026-03-31T19:25:48.447", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T16:16:22.917", "references": [{"source": "mlhess@drupal.org", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/sa-contrib-2026-018"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "mlhess@drupal.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,3.1.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "SAML SSO - Service Provider", "source": "cna", "vendor": "Drupal"}, "product": "saml_sso_-_service_provider", "vendor": "drupal"}], "analysis": {"en": {"generated_at": "2026-04-01T05:46:45.580747+00:00", "value": {"mitigation_remediation": ["Upgrade to Drupal SAML SSO - Service Provider version 3.1.3 or later.", "If an upgrade is not immediately possible, disable the module until the patch is applied.", "Verify that the XSS vulnerability is mitigated by testing with known payloads on the updated module."], "summary": {"action": "Patch Immediately", "impact": "Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "Systems affected are installations of the Drupal SAML SSO - Service Provider module, versions from the initial release up through 3.1.2. The module is a contributed component for the Drupal content management system. Any site using older versions without the patch is vulnerable.", "description_and_impact": "An unescaped user input in the Drupal SAML SSO - Service Provider module allows cross\u2011site scripting when a web page is generated. An attacker could inject malicious scripts that run in the context of a legitimate user, enabling session hijacking, defacement, or credential theft. The vulnerability is classified as a standard cross\u2011site scripting flaw per CWE\u201179.", "risk_and_exploitability": "The CVSS v3.1 score of 6.1 indicates moderate severity, and the low EPSS score (<1%) suggests exploitation is presently unlikely but still possible. It is not listed in the CISA KEV catalog. The attack vector is web\u2011based; an attacker needs a browser context to deliver the payload, typically by persuading a user to visit a crafted URL or interaction with a page that processes untrusted input. Because the flaw is a typical reflected or stored XSS, success requires that the vulnerable input be reflected or stored on a page served to the user. Once injected, the attacker could execute arbitrary JavaScript inside that user's browser session."}}}}, "created": "2026-03-25T21:31:00.133303+00:00", "updated": "2026-04-02T07:59:09.860344+00:00", "vendors": ["drupal", "drupal$PRODUCT$saml_sso_-_service_provider"]}