CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

CVE-2026-41845

The CVE-2026-41845 entry affects Spring Framework versions 7.0.0–7.0.7, 6.2.0–6.2.18, 6.1.0–6.1.27, and 5.3.0–5.3.48. The issue stems from incorrect escaping in JavaScriptUtils.javaScriptEscape(), which may allow JavaScript code injection in the browser and enable cross-site scripting (XSS). The ...

7.1CVSS5.3AI score

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-5814

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00315EPSS

Exploits0References14

OSV•added 2020/01/10 2:15 p.m.•7 views

CVE-2013-6430

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting XSS attacks via a 1 line separator or 2 paragraph separator Unicod...

5.4CVSS5.2AI score0.00315EPSS

Exploits0References4

Debian CVE•added 2020/01/10 1:28 p.m.•25 views

CVE-2013-6430

5.4CVSS5.5AI score0.00315EPSS

Exploits0

Mageia•added 2014/02/25 9:35 p.m.•50 views

Updated springframework package fixes security vulnerabilities

It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...

6.8CVSS0.6AI score0.38725EPSS

Exploits0References2