Vulnerabilities for 'Identityserver4'

2019-05-21
 
CVE-2019-12250

CWE-79
 

 
** DISPUTED ** IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log. NOTE: the software maintainer disputes that this is a vulnerability because the request logger is not part of IdentityServer but only our development test host.

 

Vendor: Identityserver (2 products)
Identityserver3
Identityserver4


Copyright 2024, cxsecurity.com

 
