Skip to content

XSS vulnerability when using OIDCPreservePost On

Low
zandbelt published GHSA-458c-7pwg-3j7j Jul 24, 2021

Package

mod_auth_openidc

Affected versions

<=2.4.8.4

Patched versions

>=2.4.9

Description

There is an XSS vulnerability in mod_auth_openidc <=2.4.8.4 when using OIDCPreservePost On.
This was adressed in:
00c315c
and:
55ea0a0

Severity

Low

CVE ID

CVE-2021-32792

Weaknesses

No CWEs

Credits