Vulnerability Database

CVE-2016-0781

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack in which malicious JavaScript content is specified in either the OAuth scopes (SCIM groups) or SCIM group descriptions.

  • Published: May 25, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-0781
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

| Software | From | Fixed in |
| --- | --- | --- |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.5 | 1.6.5.x |
| pivotal_software / cloud_foundry_uaa | 3.2.0 | 3.2.0.x |
| pivotal_software / cloud_foundry | 231 | 231.x |
| pivotal_software / cloud_foundry_uaa | 3.0.1 | 3.0.1.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.13 | 1.6.13.x |
| pivotal_software / cloud_foundry | 241 | 241.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.7 | 1.6.7.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.6 | 1.6.6.x |
| pivotal_software / cloud_foundry_uaa | 3.0.0 | 3.0.0.x |
| pivotal_software / cloud_foundry | 211 | 211.x |
| pivotal_software / cloud_foundry | 209 | 209.x |
| pivotal_software / cloud_foundry_uaa | - | 2.7.4.1.x |
| pivotal_software / cloud_foundry | 226 | 226.x |
| pivotal_software / cloud_foundry | 213 | 213.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.9 | 1.6.9.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.14 | 1.6.14.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.17 | 1.6.17.x |
| pivotal_software / cloud_foundry | 212 | 212.x |
| pivotal_software / cloud_foundry | 218 | 218.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.10 | 1.6.10.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.0 | 1.6.0.x |
| pivotal_software / cloud_foundry_uaa | 3.1.0 | 3.1.0.x |
| pivotal_software / cloud_foundry | 223 | 223.x |
| pivotal_software / cloud_foundry | 229 | 229.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.2 | 1.6.2.x |
| pivotal_software / cloud_foundry | 210 | 210.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.15 | 1.6.15.x |
| pivotal_software / cloud_foundry | 217 | 217.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.3 | 1.6.3.x |
| pivotal_software / cloud_foundry | 220 | 220.x |
| pivotal_software / cloud_foundry | 228 | 228.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.11 | 1.6.11.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.4 | 1.6.4.x |
| pivotal_software / cloud_foundry | 215 | 215.x |
| pivotal_software / cloud_foundry | 225 | 225.x |
| pivotal_software / cloud_foundry | 214 | 214.x |
| pivotal_software / cloud_foundry | 222 | 222.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.18 | 1.6.18.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.12 | 1.6.12.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.16 | 1.6.16.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.8 | 1.6.8.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.1 | 1.6.1.x |
| pivotal_software / cloud_foundry_elastic_runtime | 1.6.19 | 1.6.19.x |
| pivotal_software / cloud_foundry | 230 | 230.x |
| pivotal_software / cloud_foundry | 219 | 219.x |
| pivotal_software / cloud_foundry | 221 | 221.x |
| pivotal_software / cloud_foundry | 227 | 227.x |
| pivotal_software / cloud_foundry | 208 | 208.x |
| pivotal_software / cloud_foundry | 224 | 224.x |
| pivotal_software / cloud_foundry | 216 | 216.x |
| cloudfoundry / cloud_foundry_uaa_bosh | 6 | 6.x |
| cloudfoundry / cloud_foundry_uaa_bosh | 7 | 7.x |
| cloudfoundry / cloud_foundry_uaa_bosh | 4 | 4.x |
| cloudfoundry / cloud_foundry_uaa_bosh | 5 | 5.x |
| cloudfoundry / cloud_foundry_uaa_bosh | 2 | 2.x |
| cloudfoundry / cloud_foundry_uaa_bosh | 3 | 3.x |