Vulnerabilities > Mitreid
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-25 | CVE-2021-26715 | Server-Side Request Forgery (SSRF) vulnerability in Mitreid Connect The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. | 9.1 |
2021-02-23 | CVE-2021-27582 | Unspecified vulnerability in Mitreid Connect org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. | 9.1 |
2020-01-04 | CVE-2020-5497 | Cross-site Scripting vulnerability in Mitreid Connect The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. | 6.1 |