Jameelnabboo

**Name of the Vulnerable Software and Affected Versions** IdentityServer versions 4 through 2.4 **Description** The issue is related to stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method. This can be triggered by viewing a log. It's worth noting that the software maintainer disputes this as a vulnerability, stating the request logger is not part of IdentityServer but only part of their development test host. **Recommendations** For versions 4 through 2.4, as a temporary workaround, consider disabling the LogForErrorContext method in the RequestLoggerMiddleware.cs until a resolution is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.