Skip to main content

Mod Auth Openidc CVE-2019-1010247

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2019-07-19 josh@bress.net
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 19, 2019 - 15:15 nvd
MEDIUM 6.1

DescriptionNVD

ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2.

AnalysisAI

ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2. Affected products include: Openidc Mod Auth Openidc.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-24814 HIGH POC
7.5 Feb 13

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that imp

CVE-2021-39191 MEDIUM POC
6.1 Sep 03

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Co

CVE-2021-32786 MEDIUM POC
6.1 Jul 22

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Co

CVE-2017-6062 HIGH
8.6 Mar 02

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apac

CVE-2017-6413 HIGH
8.6 Mar 02

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apac

CVE-2017-6059 HIGH
7.5 Apr 12

Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.

CVE-2023-28625 HIGH
7.5 Apr 03

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID

CVE-2021-32785 HIGH
7.5 Jul 22

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Co

CVE-2021-20718 HIGH
7.5 May 20

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified ve

CVE-2022-23527 MEDIUM
6.1 Dec 14

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Rated m

CVE-2021-32792 MEDIUM
6.1 Jul 26

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Co

CVE-2019-14857 MEDIUM
6.1 Nov 26

A flaw was found in mod_auth_openidc before version 2.4.0.1. Rated medium severity (CVSS 6.1), this vulnerability is rem

Share

CVE-2019-1010247 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy