Miniorange: Security Vulnerabilities
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-08-13
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-08-13
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-02-17
In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-06-24
Page 6