Cross site scripting

2017-11-2710:29:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.9%

JSON

In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.

CPENameOperatorVersion
single_sign-on_for_pivotal_cloud_foundryeq1.3.0
single_sign-on_for_pivotal_cloud_foundryeq1.3.2
single_sign-on_for_pivotal_cloud_foundryeq1.3.3
single_sign-on_for_pivotal_cloud_foundryeq1.4.1
single_sign-on_for_pivotal_cloud_foundryeq1.4.2

Name	Operator	Version
single_sign-on_for_pivotal_cloud_foundry	eq	1.3.0
single_sign-on_for_pivotal_cloud_foundry	eq	1.3.2
single_sign-on_for_pivotal_cloud_foundry	eq	1.3.3
single_sign-on_for_pivotal_cloud_foundry	eq	1.4.1
single_sign-on_for_pivotal_cloud_foundry	eq	1.4.2

References

www.securityfocus.com/bid/100618

pivotal.io/security/cve-2017-8044