CVE-2016-0926 Apps Manager XSS vulnerability
- Pivotal Elastic Runtime 1.6.x versions prior to 1.6.32
- Pivotal Elastic Runtime 1.7.x versions prior to 1.7.8
A vulnerability in AngularJS enables a stored Cross-Site Scripting attack on Pivotal Cloud Foundry Apps Manager.
Users of affected versions should apply the following mitigation:
- Upgrade Pivotal Elastic Runtime 1.6.x versions to 1.6.32 or later 1.6.x versions
- Upgrade Pivotal Elastic Runtime 1.7.x versions to 1.7.8 or later versions
Joe Blac and Dor Tumarkin, Cisco Security consultants