Medium severity 6.1 · NVD Advisory · Published May 25, 2017 · Updated Jun 17, 2026
CVE-2016-0781
Description
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious JavaScript content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.
Affected products
- cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:2:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:3:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:4:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:5:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:6:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:7:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:208:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:209:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:210:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:211:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:212:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:213:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:214:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:215:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:216:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:217:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:218:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:219:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:220:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:221:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:222:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:223:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:224:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:225:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:226:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:227:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:228:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:229:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:230:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:231:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry:241:*:*:*:*:*:*:*
- (no CPE) range: v208 to v231
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:* range: <=2.7.4.1
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:login-server:-:*:*:*:*:*:*:*
- Range: v2 to v7
References
- pivotal.io/security/cve-2016-0781 (nvd, Vendor Advisory)