Search criteria
3 vulnerabilities found for openid_connect_generic_client by daggerhartlab
FKIE_CVE-2021-24214
Vulnerability from fkie_nvd - Published: 2021-05-06 13:15 - Updated: 2024-11-21 05:52
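Severity
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 (Medium) - CVSS 2.0 AV:N/AC:M/Au:N/C:N/I:P/A:N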
Summary
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
References
| Source | URL | Tags |
|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10 | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| daggerhartlab | openid_connect_generic_client | 3.8.0 |
| daggerhartlab | openid_connect_generic_client | 3.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:daggerhartlab:openid_connect_generic_client:3.8.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A7065E71-4C5D-4C77-B50D-577BAB25E284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:daggerhartlab:openid_connect_generic_client:3.8.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "592B60EE-D611-439F-9653-1D71DCFDA375",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration."
},
{
"lang": "es",
"value": "El plugin OpenID Connect Generic Client WordPress versiones 3.8.0 y 3.8.1, no sane\u00f3 el error de inicio de sesi\u00f3n cuando se devolvi\u00f3 al formulario de inicio de sesi\u00f3n, conllevando a un problema de tipo Cross-Site Scripting reflejado. Este problema no requiere autenticaci\u00f3n y puede ser explotado con la configuraci\u00f3n predeterminada"
}
],
"id": "CVE-2021-24214",
"lastModified": "2024-11-21T05:52:36.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-06T13:15:11.400",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-24214 (GCVE-0-2021-24214)
Vulnerability from cvelistv5 – Published: 2021-05-05 18:39 – Updated: 2024-08-03 19:21
Title
OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
Summary
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10 | x_refsource_CONFIRM |
Impacted products
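| Vendor | Product | Version |
|---|---|---|
| daggerhart | OpenID Connect Generic Client | Affected: 3.8.0 , < 3.8.0* (custom); Affected: 3.8.2 , < 3.8.2 (custom) |

Note: the two ranges above are reproduced as published in the CNA record and do not describe a usable interval. The summary and the record's legacy v4 data (>= 3.8.0, < 3.8.2) indicate that 3.8.0 and 3.8.1 are the affected versions, so version matching should rely on those rather than on the ranges as printed.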
Credits
Austin Bentley
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenID Connect Generic Client",
"vendor": "daggerhart",
"versions": [
{
"lessThan": "3.8.0*",
"status": "affected",
"version": "3.8.0",
"versionType": "custom"
},
{
"lessThan": "3.8.2",
"status": "affected",
"version": "3.8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Austin Bentley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-05T18:39:42",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24214",
"STATE": "PUBLIC",
"TITLE": "OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenID Connect Generic Client",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "3.8.0",
"version_value": "3.8.0"
},
{
"version_affected": "\u003c",
"version_name": "3.8.2",
"version_value": "3.8.2"
}
]
}
}
]
},
"vendor_name": "daggerhart"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Austin Bentley"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24214",
"datePublished": "2021-05-05T18:39:42",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:21:18.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24214 (GCVE-0-2021-24214)
Vulnerability from nvd – Published: 2021-05-05 18:39 – Updated: 2024-08-03 19:21
Title
OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
Summary
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10 | x_refsource_CONFIRM |
Impacted products
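| Vendor | Product | Version |
|---|---|---|
| daggerhart | OpenID Connect Generic Client | Affected: 3.8.0 , < 3.8.0* (custom); Affected: 3.8.2 , < 3.8.2 (custom) |

Note: the two ranges above are reproduced as published in the CNA record and do not describe a usable interval. The summary and the record's legacy v4 data (>= 3.8.0, < 3.8.2) indicate that 3.8.0 and 3.8.1 are the affected versions, so version matching should rely on those rather than on the ranges as printed.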
Credits
Austin Bentley
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenID Connect Generic Client",
"vendor": "daggerhart",
"versions": [
{
"lessThan": "3.8.0*",
"status": "affected",
"version": "3.8.0",
"versionType": "custom"
},
{
"lessThan": "3.8.2",
"status": "affected",
"version": "3.8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Austin Bentley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-05T18:39:42",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24214",
"STATE": "PUBLIC",
"TITLE": "OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenID Connect Generic Client",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "3.8.0",
"version_value": "3.8.0"
},
{
"version_affected": "\u003c",
"version_name": "3.8.2",
"version_value": "3.8.2"
}
]
}
}
]
},
"vendor_name": "daggerhart"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Austin Bentley"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24214",
"datePublished": "2021-05-05T18:39:42",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:21:18.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}