CVE-2017-8041Cross-site Scripting in Vmware Single Sign-on FOR Pivotal Cloud Foundry

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 58.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Single Sign-on FOR Pivotal Cloud Foundry
Timeline
PublishedSep 9
Latest updateMay 13

Description

In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVDvmware/single_sign-on7 versions+6

Patches

Patch: pivotal.ioPatch: pivotal.io

🔴Vulnerability Details

2
GHSA
GHSA-c8px-2q5w-fhjm: In Single Sign-On for Pivotal Cloud Foundry (PCF) 12022-05-13
CVEList
CVE-2017-8041: In Single Sign-On for Pivotal Cloud Foundry (PCF) 12017-09-09
CVE-2017-8041 — Cross-site Scripting in Vmware | cvebase