Description
The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.
Remediation
References
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/1521
https://www.securitymetrics.com/blog/MITREid-Connect-cross-site-scripting-CVE-2020-5497
http://seclists.org/fulldisclosure/2020/Feb/25
http://packetstormsecurity.com/files/156574/MITREid-1.3.3-Cross-Site-Scripting.html