CVE-2021-24214
N/A
N/A
Summary
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| daggerhart | OpenID Connect Generic Client | 3.8.0 < 3.8.0* | affected |
| daggerhart | OpenID Connect Generic Client | 3.8.2 < 3.8.2 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.