← volver
CVE-2021-24214CWE-79

OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error

18Vexday Risk Score

Corrige pronto. Ella tiene exploit funcional público.

ssvc Attendepss 1.6%
probabilidad de explotación
1.6%top 26% de las CVE
explotación observada
noninguna fuente lo reporta
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.