Description

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.

Remediation

References

https://pivotal.io/security/cve-2018-1229

http://www.securityfocus.com/bid/103462

Related Vulnerabilities

CVE-2019-10320 Vulnerability in maven package org.jenkins-ci.plugins:credentials

CVE-2020-27838 Vulnerability in maven package org.keycloak:keycloak-client-registration-api

CVE-2022-36883 Vulnerability in maven package org.jenkins-ci.plugins:git

CVE-2012-2733 Vulnerability in maven package org.apache.tomcat:coyote

CVE-2023-43499 Vulnerability in maven package com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Third Party Advisory VDB Entry