CVE-2017-8044

Summary

In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.

Affected Software

VendorProductVersion RangeStatus
n/aSingle Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3affected

Weaknesses

  • XSS vulnerability

ADP Enrichment

CVE Program Container

Additional References

References