Vulnerability Details : CVE-2018-8899
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2018-8899
- Identityserver » Identityserver4, versions from 2.0.0 (inclusive) up to and including 2.1.2; CPE: cpe:2.3:a:identityserver:identityserver4:*:*:*:*:*:*:*:*
- Identityserver » Identityserver4, versions from 1.0.0 (inclusive) up to and including 1.5.2; CPE: cpe:2.3:a:identityserver:identityserver4:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-8899
0.12%: probability of exploitation activity in the next 30 days
~46%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-8899
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2018-8899
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-8899
- https://github.com/IdentityServer/IdentityServer4/issues/2164 : "Encode redirect uri on authorization response · Issue #2164 · IdentityServer/IdentityServer4 · GitHub" (Issue Tracking; Third Party Advisory)
- https://github.com/IdentityServer/IdentityServer4/releases/tag/2.1.3 : "Release 2.1.3 · IdentityServer/IdentityServer4 · GitHub" (Third Party Advisory)
- https://github.com/IdentityServer/IdentityServer4/releases/tag/1.5.3 : "Release 1.5.3 · IdentityServer/IdentityServer4 · GitHub" (Third Party Advisory)
- https://github.com/IdentityServer/IdentityServer4/commit/21d0da227f50ac102de469a13bc5a15d2cc0f895 : "encode redirect uri in authorize response · IdentityServer/IdentityServer4@21d0da2 · GitHub" (Patch; Third Party Advisory)