CVE-2018-8899
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.
Affected products
n/a · n/a
References
https://github.com/IdentityServer/IdentityServer4/commit/21d0da227f50ac102de469a13bc5a15d2cc0f895
https://github.com/IdentityServer/IdentityServer4/issues/2164
https://github.com/IdentityServer/IdentityServer4/releases/tag/1.5.3
https://github.com/IdentityServer/IdentityServer4/releases/tag/2.1.3