CVE-2018-1000129 Vulnerability in maven package org.jolokia:jolokia-core

Description

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.

Remediation

References

https://jolokia.org/#Security_fixes_with_1.5.0

https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad

https://access.redhat.com/errata/RHSA-2018:2669

https://access.redhat.com/errata/RHSA-2018:3817

Related Vulnerabilities

CVE-2019-10083 Vulnerability in maven package org.apache.nifi:nifi-web-api

CVE-2018-1275 Vulnerability in maven package org.springframework:spring-messaging

CVE-2017-5644 Vulnerability in maven package org.apache.poi:poi-ooxml

CVE-2021-41184 Vulnerability in npm package jquery-ui

CVE-2023-25761 Vulnerability in maven package org.jenkins-ci.plugins:junit

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N