Cross Site Scripting (XSS) in the consentAdmin module
The consentAdmin module is an addition to the consent module that allows users to view and manage the consent given to send attributes to third-party services. Users of an Identity Provider can leverage this module to keep track of what attributes are sent to what services, and withdraw any existing consent.
This issue has been fixed by ignoring the current URL and building the link manually to point to the current page with the additional parameter that is needed to start the logout process.
All SimpleSAMLphp versions before and including 1.14.15.
Upgrade to the latest version. When an upgrade is not possible immediately, the consentAdmin module should be disabled until the upgrade can be performed.