PT-2020-18479 · Mitre · Mitreid Connect
Aaron Bishop
·
Published
2020-01-04
·
Updated
2023-01-24
·
CVE-2020-5497
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
MITREid Connect versions 1.3.3 and earlier
Description
The issue allows for XSS due to
userInfoJson being included in the page unsanitized, related to header.tag. This can be exploited to execute arbitrary JavaScript. The user's name is included in topbar.tag and header.tag without being sanitized.Recommendations
For versions 1.3.3 and earlier, consider sanitizing the
userInfoJson to prevent XSS attacks. As a temporary workaround, restrict the use of header.tag and topbar.tag to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mitreid Connect