9 matches found
Cross-site Scripting (XSS)
openid-connect-server is vulnerable to cross-site scripting XSS. The vulnerability exists as the value of userInfoJson was not sanitized when displayed in header.tag...