Description

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.

Remediation

References

https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/1521

https://www.securitymetrics.com/blog/MITREid-Connect-cross-site-scripting-CVE-2020-5497

http://seclists.org/fulldisclosure/2020/Feb/25

http://packetstormsecurity.com/files/156574/MITREid-1.3.3-Cross-Site-Scripting.html

Related Vulnerabilities

CVE-2022-31129 Vulnerability in maven package org.webjars.bower:momentjs

CVE-2020-7774 Vulnerability in npm package y18n

CVE-2018-8009 Vulnerability in maven package org.apache.hadoop:hadoop-common

CVE-2023-34238 Vulnerability in npm package gatsby-transformer-remark

CVE-2021-26291 Vulnerability in maven package org.apache.maven:apache-maven

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Issue Tracking Third Party Advisory Mailing List VDB Entry