CVE-2018-8899

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-8899
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-8899.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-8899
Published
2018-03-22T05:29:00Z
Modified
2025-01-08T10:20:23.574716Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.

References

Affected packages

Git / github.com/identityserver/identityserver4

Affected ranges

Type
GIT
Repo
https://github.com/identityserver/identityserver4
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.0.0
1.0.0-beta1
1.0.0-rc1
1.0.0-rc1-update1
1.0.0-rc1-update2
1.0.0-rc2
1.0.0-rc3
1.0.0-rc4
1.0.0-rc4-update1
1.0.0-rc5
1.0.1
1.0.2
1.1.0
1.1.1
1.2
1.2.0
1.2.1
1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.5.0
1.5.1
1.5.2

2.*

2.0.0
2.0.0-rc1
2.0.0-rc1-update1
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.1.0
2.1.1
2.1.2

Other

RC2
RC4-Update1
beta1-update1
beta2
beta2-update1
beta2-update2
beta3
beta4
beta4-update1
beta4-update2
beta5