CVE-2018-1190
https://notcve.org/view.php?id=CVE-2018-1190
An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management.
• http://www.securityfocus.com/bid/102427
• https://www.cloudfoundry.org/cve-2018-1190
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')