CVE-2018-1229

State: PUBLISHED · Published: 2018-03-21 · Updated: 2024-09-17 · Assigner: dell

Description

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.

CWE

CWE-79 — CWE-79 - Cross-site Scripting (XSS) - Stored

Affected

Spring by Pivotal / Spring Batch Admin — v=All [affected]

CVSS

(none)

References

http://www.securityfocus.com/bid/103462 vdb-entry, x_refsource_BID
https://pivotal.io/security/cve-2018-1229 x_refsource_CONFIRM

Source

cvelistV5-main/cves/2018/1xxx/CVE-2018-1229.json