In Pivotal Single Sign-On for PCF (1.3.x versions before 1.3.4 and 1.4.x versions before 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware single sign-on for pivotal cloud foundry 1.3.0 |
||
vmware single sign-on for pivotal cloud foundry 1.3.2 |
||
vmware single sign-on for pivotal cloud foundry 1.3.3 |
||
vmware single sign-on for pivotal cloud foundry 1.4.1 |
||
vmware single sign-on for pivotal cloud foundry 1.4.2 |