CVE-2018-8899
CVE-2018-8899 affects IdentityServer4: versions 1.x before 1.5.3 and 2.x before 2.1.3 do not encode the redirect URI on the authorization response page, which may allow a cross-site scripting (XSS) payload in certain configurations. The root cause is lack of encoding on the redirect URI in the au...