CVE-2021-28290

2022-05-1118:15:22

Google

osv.dev

xss

skoruba identityserver4.admin

cross-site scripting

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

34.0%

JSON

A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter.

References

github.com/skoruba/IdentityServer4.Admin/issues/813