IdentityServer4 is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to a lack of validation of the httpContext parameter in the LogForErrorContext function in the host/Extensions/RequestLoggerMiddleware.cs file, allowing remote attackers to inject and execute arbitrary JavaScript code in a victim's browser.