5 matches found
EUVD-2024-51514
Malicious code in bioql PyPI...
EUVD-2022-4591
Malicious code in bioql PyPI...
CVE-2025-26620
CVE-2025-26620 describes a race condition in Duende.AccessTokenManagement when multiple concurrent requests for client credentials tokens use varying TokenRequestParameters. The issue can cause concurrent requests to return tokens with incorrect protocol parameters (scope, resource indicator, etc...
CVE-2024-13301
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal OAuth & OpenID Connect Single Sign On – SSO OAuth/OIDC Client allows Cross-Site Scripting XSS.This issue affects OAuth & OpenID Connect Single Sign On – SSO OAuth/OIDC Client: from 3.0.0...
OAuth Client & OpenID Connect SSO | OAuth/OIDC Login - Critical - Cross Site Scripting - SA-CONTRIB-2024-067
This module enables you to authenticate users through an Identity Provider IdP or OAuth Server, allowing them to log in to your Drupal site. The module does not sufficiently escape query parameters sent to the callback URL when displaying error messages, particularly if the code parameter is...