CyberSecurityBoard
Sponsor Register Login

CVE-2018-8899

IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.

Publication date: Thu, 22 Mar 2018 10:29:00 +0000


Cyber News related to CVE-2018-8899

Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise - A vulnerability has been discovered in a popular Bosch smart thermostat, allowing potential attackers to send commands to the device and replace its firmware, according to Bitdefender. The vulnerability impacts the Wi-Fi microcontroller that acts as ...
11 months ago Infosecurity-magazine.com
CVE-2018-1000672 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-16391, CVE-2018-16392, CVE-2018-16393, CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16422, CVE-2018-16423, CVE-2018-16424, CVE-2018-16425, ...
54 years ago Tenable.com
CVE-2018-8899 - IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations. ...
6 years ago
CVE-2014-8897 - Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, ...
7 years ago
CVE-2014-8898 - Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, ...
7 years ago
CVE-2014-8899 - Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, ...
7 years ago
CVE-2015-8899 - Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. ...
8 years ago
CVE-2016-8899 - Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats. ...
5 years ago
CVE-2017-8899 - Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to ...
4 years ago
CVE-2020-8899 - There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a ...
6 months ago
CVE-2019-8899 - ** REJECT ** This candidate is unused by its CNA. ...
1 year ago
CVE-2023-49898 - In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a ...
11 months ago Tenable.com
CVE-2023-49722 - Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi network. ...
11 months ago Tenable.com
CVE-2024-8899 - The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the render_content function in class/elements/views/class-tabs-view.php. This makes it possible for ...
2 weeks ago Tenable.com
CVE-2018-0912 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago
CVE-2018-0923 - Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from ...
5 years ago
CVE-2018-0916 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago
CVE-2018-0914 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago
CVE-2018-0921 - Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from ...
5 years ago
CVE-2018-0909 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago
CVE-2018-0911 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago
CVE-2018-0947 - Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago
CVE-2018-0917 - Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from ...
5 years ago
CVE-2018-0910 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago
CVE-2018-0944 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)