miniorange saml vulnerabilities and exploits
NA
CVE-2023-32993
Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and previous versions do not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.
Jenkins Saml Single Sign On
NA
CVE-2023-32994
Jenkins SAML Single Sign On (SSO) Plugin 2.1.0 and previous versions unconditionally disable SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these con...
Jenkins Saml Single Sign On
NA
CVE-2022-4496
The SAML SSO Standard WordPress plugin version 16.0.0 prior to 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 prior to 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 prior to 20.0.7 do not validate that the redirect parameter to its SSO login en...
Miniorange Saml Sp Single Sign On
3.5
CVSSv2
CVE-2022-1010
The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin prior to 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disall...
Miniorange Login Using Wordpress Users
6.5
CVSSv2
CVE-2022-26493
Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to an HTTP-request intercepting method is able to bypass authentication and authorization by removing the S...
Drupal Saml Sp 2.0 Single Sign On
3.5
CVSSv2
CVE-2021-36785
The miniorange_saml (aka Miniorange Saml) extension prior to 1.4.3 for TYPO3 allows XSS.
Miniorange Saml
5
CVSSv2
CVE-2021-36786
The miniorange_saml (aka Miniorange Saml) extension prior to 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
Miniorange Saml
4.3
CVSSv2
CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin prior to 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.
Miniorange Saml Sp Single Sign On
4.3
CVSSv2
CVE-2019-12346
In the miniOrange SAML SP Single Sign On plugin prior to 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.
Miniorange Saml Sp Single Sign On