CVE-2020-5497

Description

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.

Risk Information

Base Score: 6.1 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score (Exploitation Probability): 0.307

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2020-5497, CVE-2021-26715 affect Mitre - openid-connect-server 1.3.3 | Windows
Vulnerabilities CVE-2020-5497, CVE-2021-26715 affect Mitre - openid-connect-server for Linux 1.3.3 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234