Description

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.

Remediation

References

http://www.securityfocus.com/bid/103462

https://pivotal.io/security/cve-2018-1229

Related Vulnerabilities

CVE-2019-0232 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2017-16821 Vulnerability in maven package org.b3log:symphony

CVE-2019-17495 Vulnerability in maven package org.webjars:swagger-ui

CVE-2016-0779 Vulnerability in maven package org.apache.tomee:arquillian-tomee-common

CVE-2017-12625 Vulnerability in maven package org.apache.hive.hcatalog:hive-hcatalog-core

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory