Lucene search
TYPO3 AssociationTYPO3-EXT-SA-2021-011HistoryAug 10, 2021 - 12:00 a.m.
Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)
2021-08-1000:00:00
TYPO3 Association
typo3.org
27
miniorange saml
extension
vulnerabilities
input encoding
sensitive data
api credentials
private key
3rd party components
jquery
robrichards/xmlseclibs
EPSS
0.002
Percentile
55.1%
The extension fails to properly encode user input for output in HTML context (CVE-2021-36785). Also the extension contains sensitive data (API credentials and private key) which should not have been published (CVE-2021-36786). Finally the extension bundles several 3rd Party Components (jQuery and robrichards/xmlseclibs) with known security vulnerabilities.
Related
osv
osv
Sensitive Data Exposure in miniorange_saml
2021-09-01 18:36:24
Cross-site Scripting in TYPO3 extension
2021-08-30 17:22:25
cvelist
cvelist
CVE-2021-36786
2021-08-13 16:12:57
CVE-2021-36785
2021-08-13 16:11:20
github
github
Sensitive Data Exposure in miniorange_saml
2021-09-01 18:36:24
Cross-site Scripting in TYPO3 extension
2021-08-30 17:22:25
nvd
nvd
CVE-2021-36786
2021-08-13 17:15:16
CVE-2021-36785
2021-08-13 17:15:16
cnvd
cnvd
TYPO3 Information Disclosure Vulnerability (CNVD-2022-17977)
2021-08-16 00:00:00
TYPO3 Cross-Site Scripting Vulnerability (CNVD-2022-17981)
2021-08-13 00:00:00
prion
prion
Command injection
2021-08-13 17:15:00
Cross site scripting
2021-08-13 17:15:00
cve
cve
CVE-2021-36786
2021-08-13 17:15:16
CVE-2021-36785
2021-08-13 17:15:16