Medium
The OpenJS Foundation
Cloud Foundry UAA versions prior to 73.3.0, contains a vulnerable version of jQuery. A remote attacker can perform Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2019-07-08: Initial vulnerability report published.