Lucene search
K

20 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-27993

Malware in sbrugna...

6.1CVSS6.3AI score0.01376EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-2058

Malware in sbrugna...

7.5CVSS7.5AI score0.00996EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 4:40 a.m.6 views

CVE-2023-41873

Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4...

4.3CVSS8.5AI score0.004EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:12 p.m.7 views

CVE-2021-36785

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...

5.4CVSS6.9AI score0.00497EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/13 2:24 p.m.38 views

CVE-2023-41873 WordPress SAML Single Sign On – SSO Login plugin <= 5.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4...

4.3CVSS0.004EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/06/03 4:0 p.m.14 views

CVE-2022-26493 miniOrange SAML Authentication Bypass

Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...

9.8CVSS9.8AI score0.00545EPSS
Exploits0References1
OSV
OSV
added 2021/09/01 6:36 p.m.18 views

GHSA-G485-29GQ-6H2H Sensitive Data Exposure in miniorange_saml

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys...

7.5CVSS7.5AI score0.00996EPSS
Exploits0References3
OSV
OSV
added 2021/08/30 5:22 p.m.21 views

GHSA-JJ8R-P9F5-FMVV Cross-site Scripting in TYPO3 extension

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...

8.5CVSS5.7AI score0.00497EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/08/30 5:22 p.m.32 views

Cross-site Scripting in TYPO3 extension

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...

5.4CVSS5.9AI score0.00497EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2021/08/13 5:15 p.m.14 views

CVE-2021-36786

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys...

7.5CVSS0.00996EPSS
Exploits0References2
NVD
NVD
added 2021/08/13 5:15 p.m.12 views

CVE-2021-36785

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...

5.4CVSS0.00497EPSS
Exploits0References2
OSV
OSV
added 2021/08/13 5:15 p.m.4 views

CVE-2021-36786

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys...

7.5CVSS7.1AI score0.00996EPSS
Exploits0References2
Prion
Prion
added 2021/08/13 5:15 p.m.14 views

Cross site scripting

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...

3.5CVSS5.5AI score0.00497EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/08/13 4:12 p.m.113 views

CVE-2021-36786

CVE-2021-36786 concerns the miniorange_saml (Miniorange Saml) extension for TYPO3, prior to version 1.4.3. The issue is an information disclosure vulnerability that allows exposure of API credentials and private keys due to inadequate handling/encoding, as described in multiple connected sources ...

7.5CVSS7.5AI score0.00996EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/08/13 4:11 p.m.100 views

CVE-2021-36785

CVE-2021-36785 : The Miniorange SAML extension for TYPO3 (miniorange_saml) before version 1.4.3 is affected by a cross-site scripting (XSS) vulnerability due to improper encoding of user input in HTML context. The issue is documented in TYPO3’s advisory (typo3-ext-sa-2021-011) and multiple CVE re...

5.4CVSS5.8AI score0.00497EPSS
Exploits0References2Affected Software1
Typo3
Typo3
added 2021/08/10 12:0 a.m.37 views

Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)

The extension fails to properly encode user input for output in HTML context CVE-2021-36785. Also the extension contains sensitive data API credentials and private key which should not have been published CVE-2021-36786. Finally the extension bundles several 3rd Party Components jQuery and...

5CVSS1.5AI score0.00996EPSS
Exploits0Affected Software1
Prion
Prion
added 2020/02/17 4:15 p.m.19 views

Cross site scripting

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...

4.3CVSS5.9AI score0.01376EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/02/17 3:1 p.m.35 views

CVE-2020-6850

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...

6AI score0.01376EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2019/06/27 12:0 a.m.167 views

WordPress miniOrange SAML SP Single Sign On Plugin <= 4.8.72 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112436";...

6.1CVSS6.3AI score0.01066EPSS
Exploits1References2
NVD
NVD
added 2019/06/24 9:15 p.m.17 views

CVE-2019-12346

In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post...

6.1CVSS6AI score0.01066EPSS
Exploits1References2
Rows per page
Query Builder