Search criteria
1 vulnerability by daggerhartlab
CVE-2021-24214 (GCVE-0-2021-24214)
Vulnerability from cvelistv5 – Published: 2021-05-05 18:39 – Updated: 2024-08-03 19:21
VLAI?
Title
OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
Summary
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| daggerhart | OpenID Connect Generic Client |
Affected:
3.8.0 , < 3.8.0*
(custom)
Affected: 3.8.2 , < 3.8.2 (custom) |
Credits
Austin Bentley
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenID Connect Generic Client",
"vendor": "daggerhart",
"versions": [
{
"lessThan": "3.8.0*",
"status": "affected",
"version": "3.8.0",
"versionType": "custom"
},
{
"lessThan": "3.8.2",
"status": "affected",
"version": "3.8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Austin Bentley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-05T18:39:42",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24214",
"STATE": "PUBLIC",
"TITLE": "OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenID Connect Generic Client",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "3.8.0",
"version_value": "3.8.0"
},
{
"version_affected": "\u003c",
"version_name": "3.8.2",
"version_value": "3.8.2"
}
]
}
}
]
},
"vendor_name": "daggerhart"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Austin Bentley"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24214",
"datePublished": "2021-05-05T18:39:42",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:21:18.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}