Description
In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.
References
- Third Party Advisory, VDB Entry
- Vendor Advisory
- Third Party Advisory, VDB Entry
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.4.2:*:*:*:*:*:*:*
EPSS: 0.00197 (Low), percentile: 42%
CVSS3: 6.1 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 6.1
github
more than 3 years ago
In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.