CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-12346

In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.5%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2019-12346

Miniorange » Saml Sp Single Sign On » Version: N/A

cpe:2.3:a:miniorange:saml_sp_single_sign_on:-
Miniorange » Saml Sp Single Sign On » Version: 4.8.23

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.23
Miniorange » Saml Sp Single Sign On » Version: 4.8.24

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.24
Miniorange » Saml Sp Single Sign On » Version: 4.8.25

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.25
Miniorange » Saml Sp Single Sign On » Version: 4.8.26

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.26
Miniorange » Saml Sp Single Sign On » Version: 4.8.27

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.27
Miniorange » Saml Sp Single Sign On » Version: 4.8.28

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.28
Miniorange » Saml Sp Single Sign On » Version: 4.8.30

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.30
Miniorange » Saml Sp Single Sign On » Version: 4.8.31

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.31
Miniorange » Saml Sp Single Sign On » Version: 4.8.32

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.32
Miniorange » Saml Sp Single Sign On » Version: 4.8.33

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.33
Miniorange » Saml Sp Single Sign On » Version: 4.8.34

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.34
Miniorange » Saml Sp Single Sign On » Version: 4.8.35

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.35
Miniorange » Saml Sp Single Sign On » Version: 4.8.40

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.40
Miniorange » Saml Sp Single Sign On » Version: 4.8.41

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.41
Miniorange » Saml Sp Single Sign On » Version: 4.8.42

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.42
Miniorange » Saml Sp Single Sign On » Version: 4.8.43

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.43
Miniorange » Saml Sp Single Sign On » Version: 4.8.44

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.44
Miniorange » Saml Sp Single Sign On » Version: 4.8.50

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.50
Miniorange » Saml Sp Single Sign On » Version: 4.8.51

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.51
Miniorange » Saml Sp Single Sign On » Version: 4.8.52

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.52
Miniorange » Saml Sp Single Sign On » Version: 4.8.60

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.60
Miniorange » Saml Sp Single Sign On » Version: 4.8.61

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.61
Miniorange » Saml Sp Single Sign On » Version: 4.8.62

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.62
Miniorange » Saml Sp Single Sign On » Version: 4.8.63

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.63
Miniorange » Saml Sp Single Sign On » Version: 4.8.64

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.64
Miniorange » Saml Sp Single Sign On » Version: 4.8.65

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.65
Miniorange » Saml Sp Single Sign On » Version: 4.8.66

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.66
Miniorange » Saml Sp Single Sign On » Version: 4.8.67

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.67
Miniorange » Saml Sp Single Sign On » Version: 4.8.68

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.68
Miniorange » Saml Sp Single Sign On » Version: 4.8.69

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.69
Miniorange » Saml Sp Single Sign On » Version: 4.8.70

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.70
Miniorange » Saml Sp Single Sign On » Version: 4.8.71

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.71
Miniorange » Saml Sp Single Sign On » Version: 4.8.72

cpe:2.3:a:miniorange:saml_sp_single_sign_on:4.8.72

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-12346

Products

Pricing

Contact Us