CVE-2016-0926: XSS
First published: Sun Sep 18 2016(Updated: )
Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pivotal Cloud Foundry Elastic Runtime | >=1.6.0<1.6.32 | |
| Pivotal Cloud Foundry Elastic Runtime | >=1.7.0<1.7.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2016-0926?
CVE-2016-0926 is considered a high-severity cross-site scripting vulnerability that allows remote code injection.
How do I fix CVE-2016-0926?
To fix CVE-2016-0926, upgrade Pivotal Cloud Foundry Elastic Runtime to version 1.6.32 or later, or 1.7.8 or later.
What software is affected by CVE-2016-0926?
CVE-2016-0926 affects Pivotal Cloud Foundry Elastic Runtime versions prior to 1.6.32 and 1.7.x before 1.7.8.
What types of attacks can CVE-2016-0926 facilitate?
CVE-2016-0926 can facilitate remote attackers to inject arbitrary web scripts or HTML through cross-site scripting attacks.
When was CVE-2016-0926 discovered?
CVE-2016-0926 was publicly disclosed in 2016.
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/pivotal software
- canonical/pivotal cloud foundry elastic runtime
- version/pivotal cloud foundry elastic runtime/1.6.0
- version/pivotal cloud foundry elastic runtime/1.7.0