Lucene search
DellCVELIST:CVE-2016-0781HistoryMay 25, 2017 - 5:00 p.m.
CVE-2016-0781
2017-05-2517:00:00
dell
www.cve.org
2
EPSS
0.001
Percentile
38.3%
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.
CNA Affected
[
{
"product": "Cloud Foundry",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "v208 to v231"
},
{
"status": "affected",
"version": "Login-server v1.6 to v1.14"
},
{
"status": "affected",
"version": "UAA v2.0.0 to v2.7.4.1"
},
{
"status": "affected",
"version": "UAA v3.0.0 to v3.2.0"
},
{
"status": "affected",
"version": "UAA-Release v2 to v7"
},
{
"status": "affected",
"version": "Elastic Runtime 1.6.x versions prior to 1.6.20"
}
]
}
]References
Related
prion
prion
Design/Logic Flaw
2017-05-25 17:29:00
nvd
nvd
CVE-2016-0781
2017-05-25 17:29:00
cve
cve
CVE-2016-0781
2017-05-25 17:29:00
osv
osv
CVE-2016-0781
2017-05-25 17:29:00