Vulnerability Details CVE-2017-8044
In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2017-8044
-
cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.0
-
cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.2
-
cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.3
-
cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.4.1
-
cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.4.2