Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-0781

Опубликовано: 25 мая 2017
Источник: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS Низкий

Описание

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:2:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:3:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:4:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:5:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:6:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:7:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:208:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:209:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:210:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:211:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:212:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:213:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:214:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:215:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:216:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:217:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:218:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:219:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:220:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:221:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:222:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:223:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:224:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:225:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:226:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:227:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:228:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:229:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:230:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:231:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry:241:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*
Версия до 2.7.4.1 (включая)
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:login-server:-:*:*:*:*:*:*:*

EPSS

Процентиль: 50%
0.00266
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-cfh6-j4mw-8cx7

CVSS3: 6.1
github
больше 3 лет назад

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.

EPSS

Процентиль: 50%
0.00266
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79