Back to search
CVE-2016-0781
Published: May 25, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.
| Vendor | Product | Versions |
|---|---|---|
Pivotal | Cloud Foundry | affected v208 to v231affected Login-server v1.6 to v1.14affected UAA v2.0.0 to v2.7.4.1affected UAA v3.0.0 to v3.2.0affected UAA-Release v2 to v7+1 more versions |
References
https://pivotal.io/security/cve-2016-0781
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now