Identityserver Identityserver4 — known CVE vulnerabilities
Every CVE whose affected-product data names Identityserver Identityserver4, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2018-8899 — CVSS 6.1 (medium): IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page…
CVE-2019-12250 — CVSS 6.1 (medium): IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs…