Description

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.

Remediation

References

https://pivotal.io/security/cve-2016-0781

Related Vulnerabilities

CVE-2022-36922 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search

CVE-2020-2253 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

CVE-2020-1941 Vulnerability in maven package org.apache.activemq:activemq-web-console

CVE-2018-7307 Vulnerability in maven package org.webjars.npm:auth0-js

CVE-2014-3501 Vulnerability in npm package cordova-android

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory