First published: Sat Jan 04 2020
The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MITREid Connect | <=1.3.3 | |
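
The description above attributes the flaw to a JSON value written into the page unsanitized. The following is an added example, not MITREid Connect code and not part of this advisory: it assumes the JSON is placed inside an inline script element, and shows that serialization beside a hardened form. All function names and the sample claims are constructed for illustration.

```javascript
// Added example. The template shape and every name here are assumptions,
// not taken from header.tag or the MITREid Connect code base.

// Unsanitized form: JSON.stringify does not escape "<", so a claim value
// containing "</script>" ends the script element in the HTML parser.
function renderUnsafe(userInfo) {
  return '<script>var userInfo = ' + JSON.stringify(userInfo) + ';</script>';
}

// Characters that are significant inside a script element or a JS literal.
const ESCAPES = {
  '<': '\\u003c',
  '>': '\\u003e',
  '&': '\\u0026',
  '\u2028': '\\u2028',
  '\u2029': '\\u2029',
};

// Hardened form: serialize, then swap those characters for \uXXXX escapes.
// The output is still valid JSON and parses back to the same values.
function jsonForScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (c) => ESCAPES[c]);
}

function renderSafe(userInfo) {
  return '<script>var userInfo = ' + jsonForScript(userInfo) + ';</script>';
}

// Counts the script end tags the HTML parser would see in the output.
function scriptEndTags(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Constructed sample: a "name" claim whose value the account holder controls.
const sampleUserInfo = {
  sub: 'user-123',
  name: 'Eve</script><i>markup after the script element</i>',
  email: 'eve@example.org',
};

console.log('unsafe end tags:', scriptEndTags(renderUnsafe(sampleUserInfo)));
console.log('safe end tags:  ', scriptEndTags(renderSafe(sampleUserInfo)));
```

More than one end tag in the rendered output means a claim value has closed the script element early. Escaping at serialization time keeps the value as data whatever the claim contains.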