CVE-2019-1010247

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-1010247
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010247.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-1010247
Downstream
Published
2019-07-19T15:15:12Z
Modified
2025-10-21T04:41:50.825353Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

ZmartZone IAM modauthopenidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/modauthopenidc.c, Line: 3109. The fixed version is: 2.3.10.2.

References

Affected packages

Git / github.com/openidc/mod_auth_openidc

Affected ranges

Type
GIT
Repo
https://github.com/openidc/mod_auth_openidc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
132a4111bf3791e76437619a66336dce2ce4c79b

Affected versions

v1.*

v1.5
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.6.0
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.8.0
v1.8.1
v1.8.10
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.8
v1.8.9

v2.*

v2.0.0
v2.0.0rc1
v2.0.0rc4
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.2.0
v2.3.0
v2.3.0rc0
v2.3.0rc3
v2.3.1
v2.3.10
v2.3.10.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9

Database specific

vanir_signatures

[
    {
        "id": "CVE-2019-1010247-89e3225a",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "275783858131378812403800444144860413389",
                "46205525194440483296624585422491619447",
                "243712195454750900370617772788155467626",
                "79745957730272185036412550645874803815",
                "38262582489090544790001985277724602746",
                "91781408696798861671272003638129129736",
                "324366622091965964439785270219732068460",
                "176095200649492201327616041392562474415",
                "308463871080025619337497185199223370291",
                "154240486846914372105324504483746606532",
                "106404346524250571753600515345957150712"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "src/mod_auth_openidc.c"
        },
        "source": "https://github.com/openidc/mod_auth_openidc/commit/132a4111bf3791e76437619a66336dce2ce4c79b",
        "deprecated": false
    },
    {
        "id": "CVE-2019-1010247-f1f0f49e",
        "signature_type": "Function",
        "digest": {
            "length": 2199.0,
            "function_hash": "225515615663183908406650271426552601778"
        },
        "signature_version": "v1",
        "target": {
            "function": "oidc_handle_session_management_iframe_rp",
            "file": "src/mod_auth_openidc.c"
        },
        "source": "https://github.com/openidc/mod_auth_openidc/commit/132a4111bf3791e76437619a66336dce2ce4c79b",
        "deprecated": false
    }
]