Описание
The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.3 (включая)
cpe:2.3:a:mitreid:connect:*:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00307
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
EPSS
Процентиль: 54%
0.00307
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79