What is CVE-2016-0781?

CVE-2016-0781 is a medium-severity vulnerability in Cloudfoundry Cloud_foundry_uaa_bosh, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2017-05-25.

How severe is CVE-2016-0781?

Medium severity. CVSS v3 base score is 6.1 out of 10.

XSS in Cloudfoundry Cloud_foundry_uaa_bosh

CVE-2016-0781

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (50.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Cloudfoundry Cloud_foundry_uaa_bosh — versions 2, 3, 4
Pivotal Cloud Foundry — versions v208 to v231, Elastic Runtime 1.6.x versions prior to 1.6.20, UAA-Release v2 to v7
Pivotal_software Cloud_foundry — versions 208, 209, 210
Pivotal_software Cloud_foundry_elastic_runtime — versions 1.6.0, 1.6.1, 1.6.2
Pivotal_software Cloud_foundry_uaa — versions 3.0.0, 3.0.1, 3.1.0
Pivotal_software Login-server

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

security_alert@emc.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-0781?: CVE-2016-0781 is a medium-severity vulnerability in Cloudfoundry Cloud_foundry_uaa_bosh, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2017-05-25.
How severe is CVE-2016-0781?: Medium severity. CVSS v3 base score is 6.1 out of 10.