CVE-2018-8899

IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.
Configurations

Configuration 1

cpe:2.3:a:identityserver:identityserver4:*:*:*:*:*:*:*:*
cpe:2.3:a:identityserver:identityserver4:*:*:*:*:*:*:*:*

Information

Published : 2018-03-22 05:29

Updated : 2018-04-18 01:28


NVD link : CVE-2018-8899

Mitre link : CVE-2018-8899

Products Affected
No products.
CWE