Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by daggerhartlab
CVE-2021-24214 (GCVE-0-2021-24214)
Vulnerability from cvelistv5 – Published: 2021-05-05 18:39 – Updated: 2024-08-03 19:21
VLAI
Title
OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
Summary
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/31cf0dfb-4025-48… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| daggerhart | OpenID Connect Generic Client |
Affected:
3.8.0 , < 3.8.0*
(custom)
Affected: 3.8.2 , < 3.8.2 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenID Connect Generic Client",
"vendor": "daggerhart",
"versions": [
{
"lessThan": "3.8.0*",
"status": "affected",
"version": "3.8.0",
"versionType": "custom"
},
{
"lessThan": "3.8.2",
"status": "affected",
"version": "3.8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Austin Bentley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-05T18:39:42.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24214",
"STATE": "PUBLIC",
"TITLE": "OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenID Connect Generic Client",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "3.8.0",
"version_value": "3.8.0"
},
{
"version_affected": "\u003c",
"version_name": "3.8.2",
"version_value": "3.8.2"
}
]
}
}
]
},
"vendor_name": "daggerhart"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Austin Bentley"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24214",
"datePublished": "2021-05-05T18:39:42.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:21:18.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24214 (GCVE-0-2021-24214)
Vulnerability from nvd – Published: 2021-05-05 18:39 – Updated: 2024-08-03 19:21
VLAI
Title
OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
Summary
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/31cf0dfb-4025-48… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| daggerhart | OpenID Connect Generic Client |
Affected:
3.8.0 , < 3.8.0*
(custom)
Affected: 3.8.2 , < 3.8.2 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenID Connect Generic Client",
"vendor": "daggerhart",
"versions": [
{
"lessThan": "3.8.0*",
"status": "affected",
"version": "3.8.0",
"versionType": "custom"
},
{
"lessThan": "3.8.2",
"status": "affected",
"version": "3.8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Austin Bentley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-05T18:39:42.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24214",
"STATE": "PUBLIC",
"TITLE": "OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenID Connect Generic Client",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "3.8.0",
"version_value": "3.8.0"
},
{
"version_affected": "\u003c",
"version_name": "3.8.2",
"version_value": "3.8.2"
}
]
}
}
]
},
"vendor_name": "daggerhart"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Austin Bentley"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24214",
"datePublished": "2021-05-05T18:39:42.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:21:18.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}