Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:42 p.m.10 views

CVE-2020-5497

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript...

6.1CVSS6.6AI score0.02133EPSS
Exploits2References1
Circl
Circl
added 2024/03/19 2:11 p.m.4 views

CVE-2020-5497

creationtimestamp| type| source ---|---|--- 2024-03-19 14:11:54+00:00| seen| https://t.me/ctinow/211504 2024-10-09 23:23:29+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/713...

6.1CVSS6AI score0.02133EPSS
Exploits2References2
vulnersOsv
vulnersOsv
added 2020/04/01 4:35 p.m.5 views

net.simpledynamics:openid-connect-server-spring-boot-config (>=0.1.0 <=0.1.3), net.simpledynamics:openid-connect-server-spring-boot-samples-default (>=0.1.0 <=0.1.1) +7 more potentially affected by CVE-2020-5497 via org.mitre:openid-connect-server (>=1.1.0 <=1.3.3)

org.mitre:openid-connect-server MAVEN version =1.1.0, =0.1.0, =0.1.0, =0.1.0, =0.11, =1.1.0, =1.2.0, =1.2.0, =1.3.3 Source cves: CVE-2020-5497 Source advisory: OSV:GHSA-C2H6-7GM8-CV4W...

6.1CVSS6.3AI score0.02133EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/02/28 12:0 a.m.109 views

MITREid 1.3.3 Cross Site Scripting

MITREid Connect OpenID-Connect-Java-Spring-Server version 1.3.3 and earlier is vulnerable to Cross-Site Scripting; the users name is included in topbar.tag and header.tag without being sanitized. A user can set their name to a value like: Testalert1 Which will be included in JSON used by a...

4.3CVSS6.3AI score0.02133EPSS
Exploits2
CVE
CVE
added 2020/01/04 2:7 a.m.204 views

CVE-2020-5497

The CVE-2020-5497 issue affects the MITREid Connect OpenID Connect reference implementation (OpenID-Connect-Java-Spring-Server) up to version 1.3.3. The root cause is that userInfoJson is included in the page unsanitized (related to header.tag), which enables cross-site scripting and can allow ar...

6.1CVSS6.2AI score0.02133EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder