Описание
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-8899
- https://github.com/IdentityServer/IdentityServer4/issues/2164
- https://github.com/IdentityServer/IdentityServer4/commit/21d0da227f50ac102de469a13bc5a15d2cc0f895
- https://github.com/IdentityServer/IdentityServer4/releases/tag/1.5.3
- https://github.com/IdentityServer/IdentityServer4/releases/tag/2.1.3
Связанные уязвимости
CVSS3: 6.1
nvd
почти 8 лет назад
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.