CVE-2016-0926 Apps Manager XSS vulnerability


Severity

High

Vendor

Pivotal

Versions Affected

  • Pivotal Elastic Runtime 1.6.x versions prior to 1.6.32
  • Pivotal Elastic Runtime 1.7.x versions prior to 1.7.8

Description

A vulnerability in AngularJS enables a stored Cross-Site Scripting attack on Pivotal Cloud Foundry Apps Manager.

Mitigation

Users of affected versions should apply the following mitigation:

  • Upgrade Pivotal Elastic Runtime 1.6.x versions to 1.6.32 or later 1.6.x versions
  • Upgrade Pivotal Elastic Runtime 1.7.x versions to 1.7.8 or later versions

Credit

Joe Blac and Dor Tumarkin, Cisco Security consultants
