
    Stored Cross-Site Scripting in Infomaniak Connect for OpenID WordPress Plugin

    Published Date: 3/7/2026
    CVE ID: CVE-2026-1824

    Summary

    The Infomaniak Connect for OpenID plugin is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to 1.0.2. An attacker with Contributor-level access or higher can inject malicious scripts via the 'endpoint_login' parameter in the infomaniak_connect_generic_auth_url shortcode.

    Vulnerability Details

    The vulnerability exists in the Infomaniak Connect for OpenID plugin due to a lack of proper input sanitization and output escaping on the 'endpoint_login' parameter of the infomaniak_connect_generic_auth_url shortcode. This oversight allows authenticated users with at least Contributor-level access to inject arbitrary JavaScript code into posts or pages. When these pages are viewed, the scripts execute in the context of the viewing user's browser, potentially leading to session hijacking, defacement, or distribution of malicious content. The core issue arises from the failure to adequately restrict and cleanse user inputs before they are stored and later rendered on web pages. This type of vulnerability is particularly dangerous because it persists within the site content until explicitly removed, potentially affecting multiple users who view the content.

    Recommendations

    To mitigate this vulnerability, restrict access to the plugin to only trusted users by elevating the required user role for plugin usage. Implement full input validation and output encoding practices in the plugin code. Regularly review user roles and capabilities to ensure minimal access is granted where necessary. Performing a site-wide security audit can also help identify and remediate any other potential vulnerabilities.
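    As an added illustration (not the plugin's own code), a hypothetical shortcode handler showing the unvalidated, unescaped pattern the advisory describes next to a hardened version that validates the 'endpoint_login' value and escapes it for its output context; the function names, the 'label' attribute and the allow-list filter are assumptions.

```php
<?php
// Hypothetical example, not code from the Infomaniak Connect for OpenID plugin.

// Unsafe pattern: the stored shortcode attribute is dropped straight into HTML.
// Whatever a Contributor saved in 'endpoint_login' is rendered verbatim to every viewer.
function hypothetical_auth_url_unsafe( $atts ) {
    $atts = shortcode_atts(
        array( 'endpoint_login' => '' ), $atts, 'infomaniak_connect_generic_auth_url'
    );
    return '<a href="' . $atts['endpoint_login'] . '">Login</a>'; // no validation, no escaping
}

// Hardened pattern: validate the input, then escape for the exact context it lands in.
function hypothetical_auth_url_safe( $atts ) {
    $atts = shortcode_atts(
        array( 'endpoint_login' => '', 'label' => 'Login' ), $atts, 'infomaniak_connect_generic_auth_url'
    );
    $endpoint = trim( sanitize_text_field( (string) $atts['endpoint_login'] ) );

    // Validate: only absolute http(s) URLs are acceptable for a login endpoint.
    $parts = wp_parse_url( $endpoint );
    if ( empty( $parts['scheme'] ) || empty( $parts['host'] )
        || ! in_array( strtolower( $parts['scheme'] ), array( 'http', 'https' ), true ) ) {
        return ''; // reject anything else (javascript:, data:, relative paths, garbage)
    }

    // Optional allow-list of identity-provider hosts; the filter name and default host are placeholders.
    $allowed_hosts = apply_filters( 'hypothetical_allowed_login_hosts', array( 'idp.example' ) );
    if ( ! in_array( strtolower( $parts['host'] ), $allowed_hosts, true ) ) {
        return '';
    }

    // Escape at output: esc_url() for the href attribute, esc_html() for the visible text.
    return sprintf(
        '<a href="%s" rel="nofollow">%s</a>',
        esc_url( $endpoint ),
        esc_html( (string) $atts['label'] )
    );
}

add_shortcode( 'infomaniak_connect_generic_auth_url', 'hypothetical_auth_url_safe' );
```

    Validation stops the bad value from being stored or used at all; escaping is the second, independent layer so that even an unexpected value cannot break out of the attribute or element it is written into.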

    Available Fixes

    Last Updated: 3/10/2026
    Jedar

    Jedar for Digital Rights is a non-profit organization dedicated to protecting digital freedoms, enhancing online privacy, and promoting secure digital practices for vulnerable communities worldwide.
