VYPR

Identityserver3

by Identityserver

CVEs (4)

  • CVE-2019-12250MedMay 21, 2019
    risk 0.40cvss 6.1epss 0.01

    IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log. NOTE: the software maintainer disputes that this is a vulnerability because the…

  • CVE-2017-12677MedAug 8, 2017
    risk 0.40cvss 6.1epss 0.01

    IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response.

  • CVE-2026-4349MedMar 17, 2026
    risk 0.36cvss 5.6epss 0.00

    A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument id_token_hint causes improper authentication. It is…

  • CVE-2018-8899MedMar 22, 2018
    risk 0.00cvss 6.1epss 0.01

    IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.