Pivotal Apps Manager, included in Pivotal Application Service versions 2.2.x before 2.2.1, 2.1.x before 2.1.8, 2.0.x before 2.0.17, and 1.12.x before 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite sent to another user, exploiting the trust implied by the source of the email.
Vulnerable Product |
---|
pivotal software pivotal application service |