VYPR
Medium severity6.1NVD Advisory· Published Nov 27, 2017· Updated Jun 17, 2026

CVE-2017-8044

CVE-2017-8044

Description

In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.

Affected products

5
  • cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.4.2:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.