5 matches found
CVE-2020-5497
The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript...
CVE-2020-5497
creationtimestamp| type| source ---|---|--- 2024-03-19 14:11:54+00:00| seen| https://t.me/ctinow/211504 2024-10-09 23:23:29+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/713...
net.simpledynamics:openid-connect-server-spring-boot-config (>=0.1.0 <=0.1.3), net.simpledynamics:openid-connect-server-spring-boot-samples-default (>=0.1.0 <=0.1.1) +7 more potentially affected by CVE-2020-5497 via org.mitre:openid-connect-server (>=1.1.0 <=1.3.3)
org.mitre:openid-connect-server MAVEN version =1.1.0, =0.1.0, =0.1.0, =0.1.0, =0.11, =1.1.0, =1.2.0, =1.2.0, =1.3.3 Source cves: CVE-2020-5497 Source advisory: OSV:GHSA-C2H6-7GM8-CV4W...
MITREid 1.3.3 Cross Site Scripting
MITREid Connect OpenID-Connect-Java-Spring-Server version 1.3.3 and earlier is vulnerable to Cross-Site Scripting; the users name is included in topbar.tag and header.tag without being sanitized. A user can set their name to a value like: Testalert1 Which will be included in JSON used by a...
CVE-2020-5497
The CVE-2020-5497 issue affects the MITREid Connect OpenID Connect reference implementation (OpenID-Connect-Java-Spring-Server) up to version 1.3.3. The root cause is that userInfoJson is included in the page unsanitized (related to header.tag), which enables cross-site scripting and can allow ar...