CVE-2017-8044: Cross-site Scripting in VMware Single Sign-On for Pivotal Cloud Foundry

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.2% (top 58.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 27
Latest update: May 13

Description

In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (1 package)

NVD: vmware/single_sign-on, 5 versions (+4)

Vulnerability Details (2)

GHSA, 2022-05-13: GHSA-x62g-3rgq-g655: In Pivotal Single Sign-On for PCF (1
CVEList, 2017-11-27: CVE-2017-8044: In Pivotal Single Sign-On for PCF (1