CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2 matches found

CVE-2026-41845 Spring Framework Cross-site Scripting via JavaScriptUtils

Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3....

7.1CVSS

Exploits0References1

NVD•added 2020/01/10 2:15 p.m.•24 views

CVE-2013-6430

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting XSS attacks via a 1 line separator or 2 paragraph separator Unicod...

5.4CVSS5.5AI score0.00315EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by