CVE-2016-0926

Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
pivotal_softwarecloud_foundry_elastic_runtime
1.6.0 ≤
𝑥
< 1.6.32
pivotal_softwarecloud_foundry_elastic_runtime
1.7.0 ≤
𝑥
< 1.7.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/91677
https://pivotal.io/security/cve-2016-0926
http://www.securityfocus.com/bid/91677
https://pivotal.io/security/cve-2016-0926