EPSS
Percentile
47.0%
IdentityServer4 is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of encoding on the redirect URI on the authorization response page, causing XSS attacks to occur.
github.com/IdentityServer/IdentityServer4/commit/21d0da227f50ac102de469a13bc5a15d2cc0f895
github.com/IdentityServer/IdentityServer4/issues/2164
github.com/IdentityServer/IdentityServer4/releases/tag/1.5.3
github.com/IdentityServer/IdentityServer4/releases/tag/2.1.3