CVE-2010-10004: 
PHP vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in the Information Cards Module on simpleSAMLphp. The vulnerability was assigned identifier CVE-2010-10004. The issue affects the processing of input data in the module and can be exploited remotely. The vulnerability was fixed in version 1.0 of the module with patch f6bfea49ae16dc6e179df8306d39c3694f1ef186 (GitHub Patch, GitHub Release).

The vulnerability is classified as a Cross-Site Scripting (CWE-79) issue. According to the CVSS 3.1 scoring system, it received a base score of 6.1 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). The vulnerability exists in the InfoCard module's input processing, where user-supplied data was not properly sanitized before being reflected back to users (NVD).

If exploited, this vulnerability could allow an attacker to execute malicious scripts in a victim's browser context, potentially leading to theft of sensitive information, session hijacking, or other client-side attacks. The CVSS scoring indicates low confidentiality and integrity impacts, with no availability impact (NVD).

The recommended mitigation is to upgrade the Information Cards Module to version 1.0 or later. The fix was implemented in commit f6bfea49ae16dc6e179df8306d39c3694f1ef186, which addresses the cross-site scripting vulnerability by properly sanitizing user input (GitHub Patch).