CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-6850 – SAML Single Sign On – SAML SSO Login <= 4.8.83 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element. El archivo Utilities.php en el plugin miniorange-saml-20-single-sign-on versiones anteriores a 4.8.84 para WordPress, permite un ataque de tipo XSS por medio de una Respuesta XML SAML diseñada en el archivo wp-login.php. Esto está relacionado con las variables SAMLResponse y RelayState y el parámetro Destination del elemento XML samlp:Response. • https://wordpress.org/plugins/miniorange-saml-20-single-sign-on/#developers https://zeroauth.ltd/blog https://zeroauth.ltd/blog/2020/01/28/cve-2020-6850-miniorange-saml-wp-plugin-before-4-8-84-is-vulnerable-to-xss-via-a-specially-crafted-saml-xml-response • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12346 – SAML Single Sign On – SAML SSO Login < 4.8.73 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-12346
In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post. En el plugin Single Sign On de miniOrange SAML SP anterior a versión 4.8.73 para WordPress, el Endpoint Login de SAML es vulnerable a ataques XSS por medio de una publicación XML SAMLResponse especialmente creada. • https://wpvulndb.com/vulnerabilities/9397 https://zeroauth.ltd/blog/2019/05/27/cve-2019-12346-miniorange-saml-sp-single-sign-on-wordpress-plugin-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •