CVE-2017-12677
IdentityServer3 versions 2.4.x, 2.5.x, and 2.6.x prior to 2.6.1 are affected by a cross-site scripting (XSS) vulnerability on the authorize response page due to an Angular expression. This could allow remote attackers to obtain sensitive information about the IdentityServer authorization response...