USN-4925-1: Shibboleth vulnerability
Toni Huttunen and Fraktal Oy discovered that the Shibboleth Service
provider allowed content injection due to allowing attacker-controlled
parameters in error or other status pages. An attacker could use this to
inject malicious content.
Source: USN-4925-1: Shibboleth vulnerability