Detections
Analytics
OAuth Dynamic Client Registration Permissive Metadata Field
low Web App Scanning Plugin ID 114920
Language:
Synopsis
OAuth Dynamic Client Registration Permissive Metadata FieldDescription
OAuth Dynamic Client Registration allows for various metadata fields such as 'client_name', 'website_uri' during the registration process. When the OAuth server accepts permissive values for such fields, such as ones starting with javascript://, an attacker could exploit this to perform Cross-Site Scripting (XSS) attacks. OAuth Dynamic Client Registration is very common in the context of Model Context Protocol (MCP) servers, allowing attackers to target AI developersSolution
Enforce strict validation on URLs to ensure they are only using https:// scheme.See Also
https://blog.doyensec.com/2025/01/30/oauth-common-vulnerabilities.html
Plugin Details
Severity: Low
ID: 114920
Type: remote
Family: Web Applications
Published: 7/18/2025
Updated: 7/18/2025
Scan Template: api, basic, full, mcp, pci, scan
Risk Information
VPR
Risk Factor: Medium
Score: 4.0
CVSS v2
Risk Factor: Medium
Base Score: 4
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N
CVSS Score Source: Tenable
CVSS v3
Risk Factor: Medium
Base Score: 4.2
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
CVSS Score Source: Tenable
CVSS v4
Risk Factor: Low
Base Score: 2.1
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CVSS Score Source: Tenable
Reference Information
CWE: 79
OWASP: 2010-A2, 2013-A3, 2017-A7, 2021-A3
WASC: Cross-Site Scripting
CAPEC: 209, 588, 591, 592, 63, 85
DISA STIG: APSC-DV-002490
HIPAA: 164.306(a)(1), 164.306(a)(2)
ISO: 27001-A.14.2.5
NIST: sp800_53-SI-10
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-5.3.3
PCI-DSS: 3.2-6.5.7