CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31107 – WordPress OpenID plugin <= 3.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-31107
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DiSo Development Team OpenID allows Reflected XSS.This issue affects OpenID: from n/a through 3.6.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en DiSo Development Team OpenID permite el XSS reflejado. Este problema afecta a OpenID: desde n/a hasta 3.6.1. The OpenID plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/openid/wordpress-openid-plugin-3-6-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50771
https://notcve.org/view.php?id=CVE-2023-50771
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. El complemento de autenticación OpenId Connect de Jenkins 2.6 y versiones anteriores determina incorrectamente que una URL de redireccionamiento después de iniciar sesión apunta legítimamente a Jenkins, lo que permite a los atacantes realizar ataques de phishing. • http://www.openwall.com/lists/oss-security/2023/12/13/4 https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-2979 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50770
https://notcve.org/view.php?id=CVE-2023-50770
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins. El complemento de autenticación OpenId Connect de Jenkins 2.6 y versiones anteriores almacena una contraseña de una cuenta de usuario local utilizada como función antibloqueo en un formato recuperable, lo que permite a los atacantes con acceso al sistema de archivos del controlador de Jenkins recuperar la contraseña de texto plano de esa cuenta, probablemente obteniendo acceso de administrador a Jenkins. • http://www.openwall.com/lists/oss-security/2023/12/13/4 https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3168 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24445
https://notcve.org/view.php?id=CVE-2023-24445
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins. El complemento OpenID de Jenkins en su versión 2.4 y anteriores determinan incorrectamente que una URL de redireccionamiento después de iniciar sesión apunta legítimamente a Jenkins. • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2997 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24444
https://notcve.org/view.php?id=CVE-2023-24444
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login. El complemento OpenID de Jenkins en su versión anterior 2.4 y anteriores no invalida la sesión anterior al iniciar sesión. • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2996 • CWE-404: Improper Resource Shutdown or Release •