Filtered by vendor Identityserver
Subscriptions
Filtered by product Identityserver4
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12250 | 1 Identityserver | 1 Identityserver4 | 2024-11-21 | N/A |
| IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log. NOTE: the software maintainer disputes that this is a vulnerability because the request logger is not part of IdentityServer but only our development test host | ||||
| CVE-2018-8899 | 1 Identityserver | 1 Identityserver4 | 2024-11-21 | N/A |
| IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations. | ||||
Page 1 of 1.