Lucene search
K

20 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-27993

Malware in sbrugna...

6.1CVSS6.3AI score0.01376EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-2058

Malware in sbrugna...

7.5CVSS7.5AI score0.00996EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 4:40 a.m.7 views

CVE-2023-41873

Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4...

4.3CVSS8.5AI score0.004EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:12 p.m.8 views

CVE-2021-36785

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...

5.4CVSS6.9AI score0.00497EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/13 2:24 p.m.39 views

CVE-2023-41873 WordPress SAML Single Sign On – SSO Login plugin <= 5.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4...

4.3CVSS0.004EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/06/03 4:0 p.m.21 views

CVE-2022-26493 miniOrange SAML Authentication Bypass

Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...

9.8CVSS9.8AI score0.00545EPSS
Exploits0References1
OSV
OSV
added 2021/09/01 6:36 p.m.18 views

GHSA-G485-29GQ-6H2H Sensitive Data Exposure in miniorange_saml

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys...

7.5CVSS7.5AI score0.00996EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/08/30 5:22 p.m.32 views

Cross-site Scripting in TYPO3 extension

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...

5.4CVSS5.9AI score0.00497EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/08/30 5:22 p.m.21 views

GHSA-JJ8R-P9F5-FMVV Cross-site Scripting in TYPO3 extension

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...

8.5CVSS5.7AI score0.00497EPSS
Exploits0References5
NVD
NVD
added 2021/08/13 5:15 p.m.17 views

CVE-2021-36786

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys...

7.5CVSS0.00996EPSS
Exploits0References2
OSV
OSV
added 2021/08/13 5:15 p.m.4 views

CVE-2021-36786

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys...

7.5CVSS7.1AI score0.00996EPSS
Exploits0References2
NVD
NVD
added 2021/08/13 5:15 p.m.17 views

CVE-2021-36785

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...

5.4CVSS0.00497EPSS
Exploits0References2
Prion
Prion
added 2021/08/13 5:15 p.m.14 views

Cross site scripting

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...

3.5CVSS5.5AI score0.00497EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/08/13 4:12 p.m.115 views

CVE-2021-36786

CVE-2021-36786 concerns the miniorange_saml (Miniorange Saml) extension for TYPO3, prior to version 1.4.3. The issue is an information disclosure vulnerability that allows exposure of API credentials and private keys due to inadequate handling/encoding, as described in multiple connected sources ...

7.5CVSS7.5AI score0.00996EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/08/13 4:11 p.m.101 views

CVE-2021-36785

CVE-2021-36785 : The Miniorange SAML extension for TYPO3 (miniorange_saml) before version 1.4.3 is affected by a cross-site scripting (XSS) vulnerability due to improper encoding of user input in HTML context. The issue is documented in TYPO3’s advisory (typo3-ext-sa-2021-011) and multiple CVE re...

5.4CVSS5.8AI score0.00497EPSS
Exploits0References2Affected Software1
Typo3
Typo3
added 2021/08/10 12:0 a.m.37 views

Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)

The extension fails to properly encode user input for output in HTML context CVE-2021-36785. Also the extension contains sensitive data API credentials and private key which should not have been published CVE-2021-36786. Finally the extension bundles several 3rd Party Components jQuery and...

5CVSS1.5AI score0.00996EPSS
Exploits0Affected Software1
Prion
Prion
added 2020/02/17 4:15 p.m.19 views

Cross site scripting

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...

4.3CVSS5.9AI score0.01376EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/02/17 3:1 p.m.35 views

CVE-2020-6850

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...

6AI score0.01376EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2019/06/27 12:0 a.m.167 views

WordPress miniOrange SAML SP Single Sign On Plugin <= 4.8.72 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112436";...

6.1CVSS6.3AI score0.01066EPSS
Exploits1References2
NVD
NVD
added 2019/06/24 9:15 p.m.17 views

CVE-2019-12346

In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post...

6.1CVSS6AI score0.01066EPSS
Exploits1References2
Rows per page
Query Builder