CVE-2016-0926

EUVD-2016-0937
Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
pivotal_softwarecloud_foundry_elastic_runtime
1.6.0 ≤
𝑥
< 1.6.32
pivotal_softwarecloud_foundry_elastic_runtime
1.7.0 ≤
𝑥
< 1.7.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/91677
https://pivotal.io/security/cve-2016-0926
http://www.securityfocus.com/bid/91677
https://pivotal.io/security/cve-2016-0926