EPSS
Percentile
40.7%
cloudfoundry-identity-uaa is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary Javascript through the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint.
clientId
www.securityfocus.com/bid/102427
www.cloudfoundry.org/cve-2018-1190/