An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2022-4320 | An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management. |
![]() |
GHSA-j97q-9xp9-g5fx | Pivotal Cloud Foundry UAA XSS on UAA OpenID Connect check session iframe endpoint |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: dell
Published:
Updated: 2024-08-05T03:51:48.920Z
Reserved: 2017-12-06T00:00:00
Link: CVE-2018-1190

No data.

Status : Modified
Published: 2018-01-04T06:29:00.467
Modified: 2024-11-21T03:59:21.920
Link: CVE-2018-1190

No data.

No data.