Description
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.
Remediation
References
http://www.securityfocus.com/bid/103462
https://pivotal.io/security/cve-2018-1229
Related Vulnerabilities
CVE-2017-7545 Vulnerability in maven package org.jbpm:jbpm-designer-backend
CVE-2021-35517 Vulnerability in maven package org.apache.commons:commons-compress
CVE-2020-9298 Vulnerability in maven package com.netflix.spinnaker.orca:orca-core
CVE-2020-7684 Vulnerability in npm package rollup-plugin-serve
CVE-2016-4436 Vulnerability in maven package org.apache.struts:struts2-core