CVE-2017-12677

{"id": "CVE-2017-12677", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-08-08T01:34:00.033", "references": [{"url": "https://github.com/IdentityServer/IdentityServer3/releases/tag/2.6.1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response."}, {"lang": "es", "value": "IdentityServer3 2.4.x, 2.5.x, y 2.6.x en las versiones anteriores a 2.6.1 tiene una vulnerabilidad de tipo Cross-Site Scripting (XSS) en una expresi\u00f3n angular en la p\u00e1gina de respuesta de autorizaci\u00f3n. Esto podr\u00eda permitir que atacantes remotos consigan informaci\u00f3n sensible sobre la respuesta de autorizaci\u00f3n IdentityServer."}], "lastModified": "2017-08-16T14:53:53.347", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:identityserver:identityserver3:2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FF405C9-6A11-4C7D-90B9-F8A5BDD0FAC3"}, {"criteria": "cpe:2.3:a:identityserver:identityserver3:2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC186893-6E04-43D5-8084-6EDE5F93F28C"}, {"criteria": "cpe:2.3:a:identityserver:identityserver3:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D1419C7-0715-4D76-8782-98ACBA213FC4"}, {"criteria": "cpe:2.3:a:identityserver:identityserver3:2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0399752-06F5-4B8E-AE29-028C628C3748"}, {"criteria": "cpe:2.3:a:identityserver:identityserver3:2.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "359AD70A-EFAC-4F4F-9AE3-AC155BDA9A67"}, {"criteria": "cpe:2.3:a:identityserver:identityserver3:2.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAD2B612-6047-4ACB-A5A5-801CDC5E012A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}