Description

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.

Remediation

References

http://packetstormsecurity.com/files/156574/MITREid-1.3.3-Cross-Site-Scripting.html

http://seclists.org/fulldisclosure/2020/Feb/25

https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/1521

https://www.securitymetrics.com/blog/MITREid-Connect-cross-site-scripting-CVE-2020-5497

Related Vulnerabilities

CVE-2019-10744 Vulnerability in maven package org.webjars.bowergithub.lodash:lodash

CVE-2021-21346 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2019-17570 Vulnerability in maven package org.apache.xmlrpc:xmlrpc

CVE-2021-39157 Vulnerability in npm package detect-character-encoding

CVE-2020-36186 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory VDB Entry Mailing List Issue Tracking