Описание
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:daggerhartlab:openid_connect_generic_client:3.8.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:daggerhartlab:openid_connect_generic_client:3.8.1:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 88%
0.04044
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
github
больше 3 лет назад
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
EPSS
Процентиль: 88%
0.04044
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79