CVE-2018-8899

Published March 22nd, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.

DuendeArchive/IdentityServer4

OpenID Connect and OAuth 2.0 Framework for ASP.NET Core

GitHub