LOWCVE-2021-32792CVSS 3.1

CVE-2021-32792: XSS in mod_auth_openidc Apache Module

Q: What is CVE-2021-32792 — XSS in mod_auth_openidc?

CVE-2021-32792 is a cross-site scripting (XSS) vulnerability in the mod_auth_openidc Apache module, affecting versions up to 2.4.9 when `OIDCPreservePost On` is enabled.

Q: Am I affected by CVE-2021-32792 in mod_auth_openidc?

You are affected if you are using mod_auth_openidc version 2.4.9 or earlier and have the `OIDCPreservePost On` directive enabled in your Apache configuration.

Q: How do I fix CVE-2021-32792 in mod_auth_openidc?

Upgrade mod_auth_openidc to version 2.4.9 or later. Alternatively, disable the `OIDCPreservePost On` directive in your Apache configuration.

Q: Is CVE-2021-32792 being actively exploited?

While no active exploitation campaigns are currently known, a public proof-of-concept exists, making exploitation possible.

Q: Where can I find the official Apache advisory for CVE-2021-32792?

Refer to the Apache Security Advisory for details: https://httpd.apache.org/security/announcements/CVE-2021-32792.html

Platform

apache

Component

mod_auth_openidc

Fixed in

2.4.10

AI Confidence: highNVDEPSS 0.2%Reviewed: May 2026

View on NVD

Save

CVE-2021-32792 describes a cross-site scripting (XSS) vulnerability affecting the modauthopenidc Apache module. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. It impacts versions of modauthopenidc up to and including 2.4.9. A fix is available in version 2.4.9.

Impact and Attack Scenarios

The XSS vulnerability arises when the OIDCPreservePost On directive is enabled within the modauthopenidc configuration. Attackers can exploit this by crafting malicious requests that inject JavaScript code into the OpenID Connect authentication flow. When a user subsequently authenticates, the injected script executes in their browser context, potentially allowing the attacker to steal cookies, redirect the user to a malicious site, or deface the web application. The blast radius extends to any user who authenticates through the vulnerable OpenID Connect integration.

Exploitation Context

This vulnerability was publicly disclosed on 2021-07-26. No known active exploitation campaigns have been reported. There are publicly available proof-of-concept exploits demonstrating the XSS vulnerability. It is not listed on the CISA KEV catalog.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

Internet ExposureHigh

EPSS

0.17% (38% percentile)

CVSS Vector

Affected Software

Componentmod_auth_openidc

Vendorzmartzone

Affected rangeFixed in

< 2.4.9 – < 2.4.92.4.10

Weakness Classification (CWE)

CWE-79

Timeline

Reserved2021-05-12
Published2021-07-26
Modified2024-08-03
EPSS updated2026-04-02

Mitigation and Workarounds

The primary mitigation for CVE-2021-32792 is to upgrade the modauthopenidc module to version 2.4.9 or later. If upgrading is not immediately feasible, consider disabling the OIDCPreservePost On directive in the Apache configuration. This will prevent the vulnerable code path from being executed, but may impact the functionality of the OpenID Connect integration. Monitor Apache access logs for unusual POST requests containing suspicious script tags. After upgrading, confirm the fix by attempting to trigger the XSS vulnerability with a crafted request and verifying that the script is not executed.

How to fix

Actualice el módulo mod_auth_openidc a la versión 2.4.9 o superior. Esta versión corrige la vulnerabilidad XSS al usar la directiva `OIDCPreservePost On`.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2021-32792 — XSS in mod_auth_openidc?

CVE-2021-32792 is a cross-site scripting (XSS) vulnerability in the modauthopenidc Apache module, affecting versions up to 2.4.9 when OIDCPreservePost On is enabled.

Am I affected by CVE-2021-32792 in mod_auth_openidc?

You are affected if you are using modauthopenidc version 2.4.9 or earlier and have the OIDCPreservePost On directive enabled in your Apache configuration.

How do I fix CVE-2021-32792 in mod_auth_openidc?

Upgrade modauthopenidc to version 2.4.9 or later. Alternatively, disable the OIDCPreservePost On directive in your Apache configuration.

Is CVE-2021-32792 being actively exploited?

While no active exploitation campaigns are currently known, a public proof-of-concept exists, making exploitation possible.

Where can I find the official Apache advisory for CVE-2021-32792?

Refer to the Apache Security Advisory for details: https://httpd.apache.org/security/announcements/CVE-2021-32792.html

NextGuard

Vulnerabilities

What do these metrics mean?

Attack Vector: Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity: High — requires a race condition, non-default configuration, or specific circumstances. Harder to exploit reliably.
Privileges Required: None — unauthenticated. No login or credentials needed to exploit.
User Interaction: Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope: Unchanged — impact is limited to the vulnerable component itself.
Confidentiality: Low — partial or indirect data access. Attacker gains limited information.
Integrity: None — no integrity impact. Attacker cannot modify data.
Availability: None — no availability impact. Service remains fully operational.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan free Search CVEs