Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00Y2o4LTc3OWgtcjI1aM4AARGf
Cross-site Scripting in Pivotal Spring Batch Admin
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.
Permalink: https://github.com/advisories/GHSA-4cj8-779h-r25hJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00Y2o4LTc3OWgtcjI1aM4AARGf
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 4 months ago
CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-4cj8-779h-r25h, CVE-2018-1229
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1229
- https://pivotal.io/security/cve-2018-1229
- http://www.securityfocus.com/bid/103462
- https://github.com/advisories/GHSA-4cj8-779h-r25h
Affected Packages
maven:org.springframework.batch:spring-batch-admin-manager
Dependent packages: 7Dependent repositories: 190
Downloads:
Affected Version Ranges: <= 2.0.0.M1
No known fixed version
All affected versions: