Lucene search
Veracode Vulnerability DatabaseVERACODE:22918HistoryApr 02, 2020 - 4:06 a.m.
Cross-site Scripting (XSS)
2020-04-0204:06:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.004 Low
EPSS
Percentile
72.0%
openid-connect-server is vulnerable to cross-site scripting (XSS). The vulnerability exists as the value of userInfoJson was not sanitized when displayed in header.tag.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openid connect server library | le | 1.3.3 | |
| openid connect server library | le | 1.3.3 |
References
packetstormsecurity.com/files/156574/MITREid-1.3.3-Cross-Site-Scripting.html
seclists.org/fulldisclosure/2020/Feb/25
github.com/advisories/GHSA-c2h6-7gm8-cv4w
github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/1521
www.securitymetrics.com/blog/MITREid-Connect-cross-site-scripting-CVE-2020-5497
Related
cve
cve
CVE-2020-5497
2020-01-04 03:15:10
github
github
XSS in MITREid Connect
2020-04-01 16:35:44
osv
osv
XSS in MITREid Connect
2020-04-01 16:35:44
CVE-2020-5497
2020-01-04 03:15:10
cvelist
cvelist
CVE-2020-5497
2020-01-04 02:07:34
nvd
nvd
CVE-2020-5497
2020-01-04 03:15:10
packetstorm
packetstorm
MITREid 1.3.3 Cross Site Scripting
2020-02-28 00:00:00
prion
prion
Design/Logic Flaw
2020-01-04 03:15:00