CVE-2018-8899

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-8899

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-8899.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-8899

Published

2018-03-22T05:29:00.287Z

Modified

2025-12-02T23:24:07.905167Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.

References

Affected packages

Git / github.com/duendearchive/identityserver4

Affected ranges

Type: GIT
Repo: https://github.com/duendearchive/identityserver4
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

02e7b1db08ea20483fa84f0087612f9d7c57d7e7

Fixed

21d0da227f50ac102de469a13bc5a15d2cc0f895

Fixed

35ac1ac2d8f62cc3c6b2602bb653c3e651cdcfd8

Affected versions

1.*

1.0.0

1.0.0-beta1

1.0.0-rc1

1.0.0-rc1-update1

1.0.0-rc1-update2

1.0.0-rc2

1.0.0-rc3

1.0.0-rc4

1.0.0-rc4-update1

1.0.0-rc5

1.0.1

1.0.2

1.1.0

1.1.1

1.2

1.2.0

1.2.1

1.3.0

1.3.1

1.4.0

1.4.1

1.4.2

1.5.0

1.5.1

1.5.2

2.*

2.0.0

2.0.0-rc1

2.0.0-rc1-update1

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.1.0

2.1.1

2.1.2

Other

RC2

RC4-Update1

beta1-update1

beta2

beta2-update1

beta2-update2

beta3

beta4

beta4-update1

beta4-update2

beta5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-8899.json"

Git / github.com/identityserver/identityserver4

Affected ranges

Type: GIT
Repo: https://github.com/identityserver/identityserver4
Events: Introduced

62eea365e8835323230c32eff6ec9b7b78cc1be0

Introduced

1b88084c06eb6a0368ccec9fed7c9a295f1d508b

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.1.0

1.1.1

1.2

1.2.0

1.2.1

1.3.0

1.3.1

1.4.0

1.4.1

1.4.2

1.5.0

1.5.1

1.5.2

2.*

2.0.0

2.0.0-rc1

2.0.0-rc1-update1

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.1.0

2.1.1

2.1.2

2.1.3

2.2.0

2.3.0

2.3.0-preview1

2.3.0-preview1-update1

2.3.0-preview1-update2

2.3.1

2.3.2

2.4.0

2.4.0-preview1

2.5.0

2.5.0-preview.1

2.5.0-preview.2

2.5.0-preview.3

2.5.1

2.5.2

2.5.3

3.*

3.0.0

3.0.1

3.0.2

3.1.0

3.1.0-preview.1

4.*

4.0

4.0.0

4.0.0-preview.0

4.0.0-preview.1

4.0.0-preview.2

4.0.0-preview.3

4.0.0-preview.4

4.0.0-preview.5

4.0.0-preview.6

4.0.1

4.0.2

4.0.3

4.0.4

4.1.0

4.1.0-preview.0

4.1.1

4.1.2

nuget_2.*

nuget_2.3.0-preview2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-8899.json"