Description

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.

Remediation

References

http://www.securityfocus.com/bid/103462

https://pivotal.io/security/cve-2018-1229

Related Vulnerabilities

CVE-2019-10345 Vulnerability in maven package io.jenkins:configuration-as-code

CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty:jetty-http

CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http_2.12

CVE-2019-5416 Vulnerability in npm package localhost-now

CVE-2017-16024 Vulnerability in npm package sync-exec

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory