Identityserver: >> Identityserver4 >> 2.3.1 Security Vulnerabilities
IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log. NOTE: the software maintainer disputes that this is a vulnerability because the request logger is not part of IdentityServer but only our development test host
CVSS Score
6.1
EPSS Score
0.002
Published
2019-05-21