CVE-2016-0926 Apps Manager XSS vulnerability
Severity
High
Vendor
Pivotal
Versions Affected
- Pivotal Elastic Runtime 1.6.x versions prior to 1.6.32
- Pivotal Elastic Runtime 1.7.x versions prior to 1.7.8
Description
A vulnerability in AngularJS enables a stored Cross-Site Scripting attack on Pivotal Cloud Foundry Apps Manager.
Mitigation
Users of affected versions should apply the following mitigation:
- Upgrade Pivotal Elastic Runtime 1.6.x versions to 1.6.32 or later 1.6.x versions
- Upgrade Pivotal Elastic Runtime 1.7.x versions to 1.7.8 or later versions
Credit
Joe Blac and Dor Tumarkin, Cisco Security consultants