EUVD-2016-0796

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Vulnerable versions of Cloud Foundry OAuth pages can be exploited via XSS attacks with JavaScript.

Reporter	Title	Published	Views	Family All 6
CNVD	HTML Injection Vulnerability in Multiple Pivotal Products	19 Jul 201600:00	–	cnvd
CVE	CVE-2016-0781	25 May 201717:00	–	cve
Cvelist	CVE-2016-0781	25 May 201717:00	–	cvelist
NVD	CVE-2016-0781	25 May 201717:29	–	nvd
OSV	CVE-2016-0781	25 May 201717:29	–	osv
Prion	Design/Logic Flaw	25 May 201717:29	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "8ea1ffbd-a54c-3468-a743-de06d45b8f91",
        "vendor": {
          "name": "Pivotal"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "00c66485-8343-31ff-9843-0eea69e0d6e7",
        "product": {
          "name": "Cloud Foundry"
        },
        "product_version": "UAA-Release v2 to v7"
      },
      {
        "id": "0179aea8-a0e7-3c44-9c93-4d7add41b36a",
        "product": {
          "name": "Cloud Foundry"
        },
        "product_version": "v208 to v231"
      },
      {
        "id": "1d5e1305-437d-3bc4-907e-90be0f88e646",
        "product": {
          "name": "Cloud Foundry"
        },
        "product_version": "Elastic Runtime 1.6.x versions prior to 1.6.20"
      },
      {
        "id": "409054d3-e5bd-33ba-844a-22ad30dd9746",
        "product": {
          "name": "Cloud Foundry"
        },
        "product_version": "UAA v2.0.0 to v2.7.4.1"
      },
      {
        "id": "e3b15176-9ffd-35a5-8f17-52436fada2dc",
        "product": {
          "name": "Cloud Foundry"
        },
        "product_version": "Login-server v1.6 to v1.14"
      },
      {
        "id": "fb9f7694-2f6b-394e-a22e-3bde93c00365",
        "product": {
          "name": "Cloud Foundry"
        },
        "product_version": "UAA v3.0.0 to v3.2.0"
      }
    ]
  }
]

Source	Link
pivotal	www.pivotal.io/security/cve-2016-0781
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.3Medium risk

Vulners AI Score6.3

CVSS 36.1

CVSS 24.3

EPSS0.00266

vulnerability xss attack oauth pages cloud foundry javascript