CVE-2019-12250 (identityserver4)
IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log.
Source: CVE-2019-12250 (identityserver4)