Vulnerabilities > Identityserver

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-21	CVE-2019-12250	Cross-site Scripting vulnerability in Identityserver Identityserver4 IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log. network low complexity identityserver CWE-79	6.1
2018-03-22	CVE-2018-8899	Cross-site Scripting vulnerability in Identityserver Identityserver4 IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations. network identityserver CWE-79	4.3
2017-08-08	CVE-2017-12677	Cross-site Scripting vulnerability in Identityserver Identityserver3 IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response. network identityserver CWE-79	4.3

Vulnerabilities > Identityserver {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Identityserver"}]}