36 matches found
CVE-2026-1824
The Infomaniak Connect for OpenID plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'endpointlogin' parameter of the infomaniakconnectgenericauthurl shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes...
PT-2026-23844
The Infomaniak Connect for OpenID plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'endpoint login' parameter of the infomaniak connect generic auth url shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This...
EUVD-2023-0454
Malicious code in bioql PyPI...
EUVD-2023-0509
Malicious code in bioql PyPI...
EUVD-2023-0423
Malicious code in bioql PyPI...
CVE-2023-24446
A cross-site request forgery CSRF vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-24444
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login...
CVE-2023-24445
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins...
CVE-2019-1003099
A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2025-24399
Jenkins OpenId Connect Authentication Plugin 4.452.v2849bd3945fa and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that...
WordPress Plugin OpenID 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress OpenID plugin <= 3.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin OpenID versions = 3.6.1...
WordPress OpenID Plugin <= 3.6.1 is vulnerable to Cross Site Scripting (XSS)
Software OpenID Type Plugin Vulnerable versions = 3.6.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31107 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 70ed2305fa1e Credits Dimas Maulana Required privilege...
CVE-2023-24445
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins...
CVE-2023-24446
A cross-site request forgery CSRF vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-24446
A cross-site request forgery CSRF vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-24444
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login...
CVE-2023-24445
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-24444
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login...