VYPR
Medium severity6.1OSV Advisory· Published Mar 22, 2018· Updated Jun 17, 2026

CVE-2018-8899

CVE-2018-8899

Description

IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.