Vulnerabilities > Mitreid

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2021-03-25 | CVE-2021-26715 | Server-Side Request Forgery (SSRF) vulnerability in MITREid Connect | The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. | network, low complexity, mitreid, CWE-918, critical, 9.1 |
| 2021-02-23 | CVE-2021-27582 | Unspecified vulnerability in MITREid Connect | org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. | network, low complexity, mitreid, critical, 9.1 |
| 2020-01-04 | CVE-2020-5497 | Cross-site Scripting vulnerability in MITREid Connect | The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. | network, low complexity, mitreid, CWE-79, 6.1 |