openid-connect-java-spring-server

Vulnerability: Cross-site Scripting (XSS)
Severity: 7.2
Language: Java
Registry: Maven

Overview

openid-connect-server-webapp is a certified OpenID Connect reference implementation in Java on the Spring platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) because userInfoJson is included in the page unsanitized in header.tag.
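
An added example, not code from the project or from this advisory: one way to make a serialized JSON value inert before it is written into a page, shown beside the unsanitized form. It assumes the value is emitted inside an inline script block (the advisory does not state the context header.tag uses); the class, the method, the `userInfo` variable and the sample claim are hypothetical.

```java
public class SafeJsonEmbed {

    // Replace characters that can end a script block, start markup or an
    // entity, or act as a line break in older JavaScript engines with JSON
    // unicode escapes. In valid JSON these characters occur only inside
    // string values, so the parsed result is unchanged.
    static String escapeJsonForHtml(String json) {
        StringBuilder out = new StringBuilder(json.length() + 16);
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            switch (c) {
                case '<':
                case '>':
                case '&':
                case '\'':
                case '\u2028':
                case '\u2029':
                    out.append(String.format("\\u%04x", (int) c));
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a user-controlled claim carrying markup.
        String userInfoJson =
            "{\"sub\":\"user-1\",\"name\":\"</script><b>injected</b>\"}";

        // Before: raw JSON concatenated into the page (assumed script context).
        String unsafe = "<script>var userInfo = " + userInfoJson + ";</script>";
        // After: the same value escaped first.
        String safe = "<script>var userInfo = "
            + escapeJsonForHtml(userInfoJson) + ";</script>";

        System.out.println("unsanitized: " + unsafe);
        System.out.println("escaped:     " + safe);

        // The only '<' after the opening tag must be the real closing tag.
        if (safe.indexOf('<', "<script>".length()) != safe.lastIndexOf("</script>")) {
            throw new AssertionError("escaped output still contains markup");
        }
    }
}
```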