CVE-2017-8044: XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters
Severity
Medium
Vendor
Pivotal
Description
Certain pages in Single Sign-On service allow code to be injected into the DOM environment through query parameters leading to XSS attacks.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- Single Sign-On for PCF:
- 1.3.x versions prior to 1.3.4
- 1.4.x versions prior to 1.4.3
Mitigation
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
- Single Sign-On for PCF: 1.3.4, 1.4.3
References
History
2017-08-31: Initial vulnerability report published