In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/100618 | Third Party Advisory VDB Entry |
| https://pivotal.io/security/cve-2017-8044 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: dell
Published: 2017-11-27T10:00:00
Updated: 2017-11-27T10:57:02
Reserved: 2017-04-21T00:00:00
Link: CVE-2017-8044
NVD Information
Status: Analyzed
Published: 2017-11-27T10:29:00.877
Modified: 2021-08-12T21:31:37.027
Link: CVE-2017-8044
Redhat Information
No data.
CWE