OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
18Vexday Risk Score
Corrija em breve. Ela tem exploit funcional público.
ssvc Attendepss 1.6%
probabilidade de exploração
1.6%top 26% das CVEs
exploração observada
nãonenhuma fonte reporta
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
Produtos afetados
daggerhart · OpenID Connect Generic Client