XSS Vulnerability in IdentityServer IdentityServer4 1.x and 2.x

CVE-2018-8899 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.
