Vulnerability Description
ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openidc | Mod Auth Openidc | < 2.3.10.2 |
Related Weaknesses (CWE)
References
- https://github.com/zmartzone/mod_auth_openidc/commit/132a4111bf3791e76437619a663 (Patch, Third Party Advisory)
- https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.3.10.2 (Release Notes, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2019/08/msg00029.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00028.html
- https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019- (Third Party Advisory)
FAQ
What is CVE-2019-1010247?
CVE-2019-1010247 is a vulnerability with a CVSS score of 6.1 (MEDIUM). ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of ...
How severe is CVE-2019-1010247?
CVE-2019-1010247 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1010247?
Check the references section above for vendor advisories and patch information. Affected products include: Openidc Mod Auth Openidc.