AI Score confidence: High
EPSS percentile: 47.0%
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.
github.com/IdentityServer/IdentityServer4/commit/21d0da227f50ac102de469a13bc5a15d2cc0f895
github.com/IdentityServer/IdentityServer4/issues/2164
github.com/IdentityServer/IdentityServer4/releases/tag/1.5.3
github.com/IdentityServer/IdentityServer4/releases/tag/2.1.3