Unrated severityOSV Advisory· Published Mar 22, 2018· Updated Aug 5, 2024

CVE-2018-8899

Description

IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.

Affected products

Duendearchive/Identityserver4OSV
Range: 1.0.0-beta1, 1.0.0-rc1, 1.0.0-rc1-update1, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/IdentityServer/IdentityServer4/commit/21d0da227f50ac102de469a13bc5a15d2cc0f895mitrex_refsource_MISC
github.com/IdentityServer/IdentityServer4/issues/2164mitrex_refsource_MISC
github.com/IdentityServer/IdentityServer4/releases/tag/1.5.3mitrex_refsource_MISC
github.com/IdentityServer/IdentityServer4/releases/tag/2.1.3mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000