CVE-2017-12677

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
4.3
MEDIUM
Affected
1
PROJECT

Description

IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response.

IdentityServer/IdentityServer3
IdentityServer/IdentityServer3UNAVAILABLE
OpenID Connect Provider and OAuth 2.0 Authorization Server Framework for ASP.NET 4.x/Katana
GitHubGitHub
2.01K