PT-2019-11526 · Zmartzone Iam · Mod Auth Openidc
Published: 2019-07-19 · Updated: 2023-05-25 · CVE-2019-1010247
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
ZmartZone IAM mod_auth_openidc versions 2.3.10.1 and earlier
Description:
ZmartZone IAM mod_auth_openidc is affected by a cross-site scripting (XSS) vulnerability. Exploitation can lead to redirecting the user to a phishing page or to interaction with the application on behalf of the user. The vulnerable component is located in the file src/mod_auth_openidc.c at line 3109.
Recommendations:
For versions 2.3.10.1 and earlier, update to version 2.3.10.2 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable component to minimize the risk of exploitation.
Fix
XSS
Affected Products
Mod Auth Openidc