8 results (0.011 seconds)

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DiSo Development Team OpenID allows Reflected XSS.This issue affects OpenID: from n/a through 3.6.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en DiSo Development Team OpenID permite el XSS reflejado. Este problema afecta a OpenID: desde n/a hasta 3.6.1. The OpenID plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/openid/wordpress-openid-plugin-3-6-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. El complemento de autenticación OpenId Connect de Jenkins 2.6 y versiones anteriores determina incorrectamente que una URL de redireccionamiento después de iniciar sesión apunta legítimamente a Jenkins, lo que permite a los atacantes realizar ataques de phishing. • http://www.openwall.com/lists/oss-security/2023/12/13/4 https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-2979 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins. El complemento de autenticación OpenId Connect de Jenkins 2.6 y versiones anteriores almacena una contraseña de una cuenta de usuario local utilizada como función antibloqueo en un formato recuperable, lo que permite a los atacantes con acceso al sistema de archivos del controlador de Jenkins recuperar la contraseña de texto plano de esa cuenta, probablemente obteniendo acceso de administrador a Jenkins. • http://www.openwall.com/lists/oss-security/2023/12/13/4 https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3168 • CWE-522: Insufficiently Protected Credentials •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account. Una vulnerabilidad de cross-site request forgery (CSRF) en complemento de OpenID de Jenkins en su versión 2.4 y anteriores permite a los atacantes engañar a los usuarios para que inicien sesión en la cuenta del atacante. • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2995 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login. El complemento OpenID de Jenkins en su versión anterior 2.4 y anteriores no invalida la sesión anterior al iniciar sesión. • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2996 • CWE-404: Improper Resource Shutdown or Release •