Description

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.

Remediation

References

CVE-2018-1000129

Related Vulnerabilities

Drupal Core 8.6.x Multiple Vulnerabilities (8.6.0 - 8.6.5)

WordPress Plugin WP-Spreadplugin Cross-Site Scripting (3.8.6)

WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (7.9.0)

WordPress Plugin Import and export users and customers Cross-Site Scripting (1.14.1.2)

Ruby Other Vulnerability (CVE-2012-5380)

Severity

Medium

Classification

CVE-2018-1000129 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities