CVE-2017-12677

Published: 2017-08-08T01:34Z

Last Modified: 2024-11-21T03:10Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt