20 matches found
EUVD-2020-27993
Malware in sbrugna...
EUVD-2021-2058
Malware in sbrugna...
CVE-2023-41873
Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4...
CVE-2021-36785
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...
CVE-2023-41873 WordPress SAML Single Sign On – SSO Login plugin <= 5.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4...
CVE-2022-26493 miniOrange SAML Authentication Bypass
Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...
GHSA-G485-29GQ-6H2H Sensitive Data Exposure in miniorange_saml
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys...
GHSA-JJ8R-P9F5-FMVV Cross-site Scripting in TYPO3 extension
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...
Cross-site Scripting in TYPO3 extension
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...
CVE-2021-36786
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys...
CVE-2021-36785
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...
CVE-2021-36786
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys...
Cross site scripting
The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...
CVE-2021-36786
CVE-2021-36786 concerns the miniorange_saml (Miniorange Saml) extension for TYPO3, prior to version 1.4.3. The issue is an information disclosure vulnerability that allows exposure of API credentials and private keys due to inadequate handling/encoding, as described in multiple connected sources ...
CVE-2021-36785
CVE-2021-36785 : The Miniorange SAML extension for TYPO3 (miniorange_saml) before version 1.4.3 is affected by a cross-site scripting (XSS) vulnerability due to improper encoding of user input in HTML context. The issue is documented in TYPO3’s advisory (typo3-ext-sa-2021-011) and multiple CVE re...
Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)
The extension fails to properly encode user input for output in HTML context CVE-2021-36785. Also the extension contains sensitive data API credentials and private key which should not have been published CVE-2021-36786. Finally the extension bundles several 3rd Party Components jQuery and...
Cross site scripting
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...
CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...
WordPress miniOrange SAML SP Single Sign On Plugin <= 4.8.72 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112436";...
CVE-2019-12346
In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post...