Researchers discover SAML XML Injection vulnerability
The flaw could allow an attacker to modify SAML responses generated by an Identity Provider, and thereby gain unauthorized access to user accounts, or to escalate privileges within an application.