Cross-Site Scripting Vulnerability in Cloud Foundry and Related Products by Pivotal
CVE-2016-0781
6.1MEDIUM
What is CVE-2016-0781?
Certain versions of Cloud Foundry and related Pivotal products are susceptible to an exploitation involving cross-site scripting (XSS). This vulnerability arises when malicious JavaScript code is injected into OAuth scopes or SCIM group descriptions, allowing attackers to craft authentication requests that compromise user data and session integrity.
Affected Version(s)
Cloud Foundry v208 to v231
Cloud Foundry Login-server v1.6 to v1.14
Cloud Foundry UAA v2.0.0 to v2.7.4.1
