VYPR
Medium severity 6.1 · NVD Advisory · Published May 25, 2017 · Updated Jun 17, 2026

CVE-2016-0781

Description

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to cross-site scripting (XSS): malicious JavaScript content can be specified in either the OAuth scopes (SCIM groups) or the SCIM group descriptions.

Affected products

62
  • cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:2:*:*:*:*:*:*:* + 5 more
    • cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:2:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:3:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:4:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:5:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:6:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:7:*:*:*:*:*:*:*
  • cpe:2.3:a:pivotal_software:cloud_foundry:208:*:*:*:*:*:*:* + 26 more
    • cpe:2.3:a:pivotal_software:cloud_foundry:208:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:209:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:210:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:211:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:212:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:213:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:214:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:215:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:216:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:217:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:218:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:219:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:220:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:221:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:222:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:223:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:224:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:225:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:226:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:227:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:228:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:229:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:230:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:231:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry:241:*:*:*:*:*:*:*
    • (no CPE) range: v208 to v231
  • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:* + 19 more
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*
  • Cloudfoundry/Uaa (5 versions)
    cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:* + 4 more
    • cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:* range: <=2.7.4.1
    • cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pivotal_software:login-server:-:*:*:*:*:*:*:*
  • UAA/UAA (llm-create)
    Range: v2.0.0 to v2.7.4.1, v3.0.0 to v3.2.0
  • UAA/UAA-Release (llm-create)
    Range: v2 to v7
  • Pivot/Pivot (llm-fuzzy)
    Range: <1.6.20
