CVE-2018-8899

Sažetak

IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.

Reference

https://github.com/IdentityServer/IdentityServer4/commit/21d0da227f50ac102de469a13bc5a15d2cc0f895
https://github.com/IdentityServer/IdentityServer4/issues/2164
https://github.com/IdentityServer/IdentityServer4/releases/tag/1.5.3
https://github.com/IdentityServer/IdentityServer4/releases/tag/2.1.3

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

18-04-2018 - 01:28

Objavljeno

22-03-2018 - 05:29