CVE-2018-8899
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.
Affected products
n/a · n/a
References
https://github.com/IdentityServer/IdentityServer4/commit/21d0da227f50ac102de469a13bc5a15d2cc0f895
https://github.com/IdentityServer/IdentityServer4/issues/2164
https://github.com/IdentityServer/IdentityServer4/releases/tag/1.5.3
https://github.com/IdentityServer/IdentityServer4/releases/tag/2.1.3