Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
single sign-on vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-32995
A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and previous versions allows malicious users to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.
Jenkins Saml Single Sign On
4.3
CVSSv3
CVE-2023-32996
A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and previous versions allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.
Jenkins Saml Single Sign-on
NA
CVE-2014-2586
Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote malicious users to inject arbitrary web script or HTML via a crafted password.
Mcafee Cloud Single Sign On -
1 EDB exploit
7.9
CVSSv3
CVE-2020-5425
Single Sign-On for Vmware Tanzu all versions before 1.11.3 ,1.12.x versions before 1.12.4 and 1.13.x before 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different ide...
Vmware Single Sign-on For Tanzu
4.8
CVSSv3
CVE-2023-37986
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange YourMembership Single Sign On – YM SSO Login plugin <= 1.1.3 versions.
Minorange Wordpress Yourmembership Single Sign-on
6.1
CVSSv3
CVE-2022-4496
The SAML SSO Standard WordPress plugin version 16.0.0 prior to 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 prior to 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 prior to 20.0.7 does not validate that the redirect parameter to its SSO login en...
Miniorange Saml Sp Single Sign On
6.1
CVSSv3
CVE-2019-12346
In the miniOrange SAML SP Single Sign On plugin prior to 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.
Miniorange Saml Sp Single Sign On
5.5
CVSSv3
CVE-2019-10157
It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could pr...
Redhat Single Sign-on
Redhat Keycloak
6.1
CVSSv3
CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin prior to 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.
Miniorange Saml Sp Single Sign On
9.1
CVSSv3
CVE-2019-14837
A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be &...
Redhat Keycloak
Redhat Single Sign-on 7.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »