20 matches found
EUVD-2020-27993
Malware in sbrugna...
EUVD-2021-2058
Malware in sbrugna...
CVE-2023-41873
Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4...
CVE-2021-36785
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...
CVE-2023-41873 WordPress SAML Single Sign On – SSO Login plugin <= 5.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4...
CVE-2022-26493 miniOrange SAML Authentication Bypass
Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...
GHSA-G485-29GQ-6H2H Sensitive Data Exposure in miniorange_saml
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys...
Cross-site Scripting in TYPO3 extension
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...
GHSA-JJ8R-P9F5-FMVV Cross-site Scripting in TYPO3 extension
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...
CVE-2021-36786
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys...
CVE-2021-36786
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys...
CVE-2021-36785
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...
Cross site scripting
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...
CVE-2021-36786
CVE-2021-36786 concerns the miniorange_saml (Miniorange Saml) extension for TYPO3, prior to version 1.4.3. The issue is an information disclosure vulnerability that allows exposure of API credentials and private keys due to inadequate handling/encoding, as described in multiple connected sources ...
CVE-2021-36785
CVE-2021-36785 : The Miniorange SAML extension for TYPO3 (miniorange_saml) before version 1.4.3 is affected by a cross-site scripting (XSS) vulnerability due to improper encoding of user input in HTML context. The issue is documented in TYPO3’s advisory (typo3-ext-sa-2021-011) and multiple CVE re...
Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)
The extension fails to properly encode user input for output in HTML context CVE-2021-36785. Also the extension contains sensitive data API credentials and private key which should not have been published CVE-2021-36786. Finally the extension bundles several 3rd Party Components jQuery and...
Cross site scripting
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...
CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...
WordPress miniOrange SAML SP Single Sign On Plugin <= 4.8.72 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112436";...
CVE-2019-12346
In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post...