Description

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.

Remediation

References

https://pivotal.io/security/cve-2016-0781

Related Vulnerabilities

CVE-2022-38180 Vulnerability in maven package io.ktor:ktor-client-core

CVE-2017-5641 Vulnerability in maven package com.adobe.blazeds:flex-messaging-core

CVE-2022-46685 Vulnerability in maven package org.jenkins-ci.plugins:gitea

CVE-2022-31684 Vulnerability in maven package io.projectreactor.netty:reactor-netty-http

CVE-2016-6809 Vulnerability in maven package org.apache.tika:tika-parsers

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory