Medium severity6.1OSV Advisory· Published Mar 22, 2018· Updated Jun 17, 2026
CVE-2018-8899
CVE-2018-8899
Description
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 1.0.0-beta1, 1.0.0-rc1, 1.0.0-rc1-update1, …
- Range: <1.5.3, <2.1.3
Patches
Vulnerability mechanics
References
4- github.com/IdentityServer/IdentityServer4/commit/21d0da227f50ac102de469a13bc5a15d2cc0f895nvdPatchThird Party Advisory
- github.com/IdentityServer/IdentityServer4/issues/2164nvdIssue TrackingThird Party Advisory
- github.com/IdentityServer/IdentityServer4/releases/tag/1.5.3nvdThird Party Advisory
- github.com/IdentityServer/IdentityServer4/releases/tag/2.1.3nvdThird Party Advisory
News mentions
0No linked articles in our index yet.