Vulnerabilities > Uninett > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-22 | CVE-2021-3639 | Unspecified vulnerability in Uninett MOD Auth Mellon A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. | 6.1 |
| 2017-03-13 | CVE-2017-6807 | Cross-site Scripting vulnerability in Uninett MOD Auth Mellon mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site. | 6.1 |