URL Redirection to Untrusted Site ('Open Redirect')

Overview IdentityServer4 is an OpenID Connect and OAuth 2.0 Framework for ASP.NET Core Affected versions of this package are vulnerable to URL Redirection to Untrusted Site 'Open Redirect' through the commonly used GetAuthorizationContextAsync and IsValidReturnUrl methods which return non-null...

IdentityServer IdentityServer4 Cross-Site Scripting Vulnerability

IdentityServer IdentityServer4 is an open source for ASP.NET Core OAuth open authorization framework. A cross-site scripting vulnerability exists in IdentityServer IdentityServer4 2.4 and earlier versions. The vulnerability stems from the lack of proper validation of client-side data in WEB...