Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc
Vulnerability Description
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
mod_auth_openidc 跨站脚本漏洞
Vulnerability Description
mod_auth_openidc是一个应用软件。是 Apache 2.x HTTP 服务器的身份验证/授权模块,用作OpenID Connect 依赖方,根据 OpenID Connect 提供程序对用户进行身份验证。 Zmartzone mod_auth_openidc 存在跨站脚本漏洞,该漏洞源于mod_auth_openidc 2.4.8.4版本及之前版本在OIDCPreservePost选项为On时存在 XSS 漏洞。
CVSS Information
N/A
Vulnerability Type
N/A