CVE-2018-1000129
MEDIUM6.1EPSS 76.8%Cross-site Scripting in Jolokia agent
Published: 5/14/2022Modified: 11/8/2023
Description
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
Affected packages (1)
- Maven/org.jolokia:jolokia-core>= 1.3.7, < 1.5.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000129
- PATCHhttps://github.com/rhuss/jolokia
- WEBhttps://access.redhat.com/errata/RHSA-2018:2669
- WEBhttps://access.redhat.com/errata/RHSA-2018:3817
- WEBhttps://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad
- WEBhttps://github.com/rhuss/jolokia/releases/tag/v1.5.0
- WEBhttps://jolokia.org/#Security_fixes_with_1.5.0