Medium severity6.1NVD Advisory· Published May 21, 2019· Updated Jun 17, 2026
CVE-2019-12250
CVE-2019-12250
Description
IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log. NOTE: the software maintainer disputes that this is a vulnerability because the request logger is not part of IdentityServer but only our development test host
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- IdentityServer/IdentityServer4description
- Range: <=2.4
Patches
Vulnerability mechanics
References
1- github.com/IdentityServer/IdentityServer4/issues/3279nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.