CVE-2018-1229

MEDIUM6.1EPSS 0.30%

Cross-site Scripting in Pivotal Spring Batch Admin

發布日:2022/5/13修改日:2024/2/16

描述

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.

受影響套件(1)

Maven/org.springframework.batch:spring-batch-admin-managerfrom 0, <= 2.0.0.M1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1229
WEBhttps://pivotal.io/security/cve-2018-1229
WEBhttp://www.securityfocus.com/bid/103462