Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
IdentityServer3 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response.