CVE-2020-5497

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.

Published: Jan 4, 2020
Updated: May 9, 2024
CVE: CVE-2020-5497
GHSA: GHSA-c2h6-7gm8-cv4w
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
mitreid / connect	-	1.3.3.x
org.mitre / openid-connect-server	-	1.3.3.x

http://packetstormsecurity.com/files/156574/MITREid-1.3.3-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2020/Feb/25
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/1521
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/pull/1526
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/pull/1527
https://www.securitymetrics.com/blog/MITREid-Connect-cross-site-scripting-CVE-2020-5497

Vulnerability Database

289,697

CVE-2020-5497