Vulnerabilities > Identityserver > Identityserver4 > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-05-21 CVE-2019-12250 Cross-site Scripting vulnerability in Identityserver Identityserver4
IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log.
network
low complexity
identityserver CWE-79
6.1
6.1
2018-03-22 CVE-2018-8899 Cross-site Scripting vulnerability in Identityserver Identityserver4
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.
network
low complexity
identityserver CWE-79
6.1
6.1