CVE-2017-12677

MEDIUM

IdentityServer3 - XSS

Title source: rule

Description

IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response.

Scores

CVSS v3 6.1
EPSS 0.0023
EPSS Percentile 45.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (7)
identityserver/identityserver3
identityserver/identityserver3
identityserver/identityserver3
identityserver/identityserver3
identityserver/identityserver3
identityserver/identityserver3
n/a/n/a
Published Aug 08, 2017
Tracked Since Feb 18, 2026