91 matches found
CVE-2019-3774
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...
XXE
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...
CVE-2019-3774 Spring Batch XML External Entity Injection (XXE)
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...
CVE-2019-3774
CVE-2019-3774 affects Spring Batch versions 3.0.9, 4.0.1, 4.1.0 and older unsupported versions. It is caused by an XML External Entity (XXE) vulnerability when processing XML data from untrusted sources. Public scoring indicates high severity (CVSS v3 base 9.8; v2 base 7.5). No remediation or fix...
XML External Entity Injection (XXE)
Spring Batch Core is vulnerable to XML external entity injection XXE. The vulnerability exists because it fails to disable Document Type Definition External Entities by default, allowing an attacker to perform XXE attacks using malicious XML data input...
Pivotal Spring Batch Admin Cross-Site Request Forgery Vulnerability
Pivotal Spring Batch Admin is the U.S. Pivotal Software's set of open source tools for monitoring and managing the Spring Batch system. A cross-site request forgery vulnerability exists in Pivotal Spring Batch Admin, which arises from the program's failure to implement security protections to...
Pivotal Spring Batch Admin Cross-Site Scripting Vulnerability
Pivotal Spring Batch Admin is the U.S. Pivotal Software's set of open source tools for monitoring and managing the Spring Batch system. A cross-site scripting vulnerability exists in the file upload feature in Pivotal Spring Batch Admin. A remote attacker can exploit this vulnerability by sendin...
Cross-site Request Forgery (CSRF)
spring-batch-admin-manager is vulnerable to cross-site request forgery CSRF attacks. These attacks can be performed if a malicious website is set up that executes requests to the Spring Batch Admin...
Cross-site Scripting (XSS)
spring-batch-admin-manager is vulnerable to stored cross-site scripting XSS attacks. Attackers can inject arbitrary webscript or HTML using the file upload feature...
Cross site request forgery (CSRF)
Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life...
Cross site scripting
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because...
CVE-2018-1230
Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life...
CVE-2018-1229
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because...
CVE-2018-1230
CVE-2018-1230 concerns a CSRF vulnerability in Pivotal Spring Batch Admin across all versions. According to the connected records, the product does not implement CSRF protections, allowing a remote unauthenticated attacker to induce a user’s browser to perform unauthorized actions against Spring ...
CVE-2018-1229
The CVE-2018-1229 entry affects Pivotal Spring Batch Admin (all versions). It describes a stored cross-site scripting (XSS) vulnerability in the file upload feature that could allow an unauthenticated attacker with network access to store a script executed by other users. The issue is not patched...
Cross-site Request Forgery (CSRF)
spring-batch-admin is vulnerable to cross-site request forgery CSRF attacks. The library does not use CSRF tokens, allowing a malicious user to hijack the authentication of other users and submit arbitrary requests through the file upload page...
Pivotal Software Spring Batch Admin Cross-Site Scripting Vulnerability
Pivotal Software Spring Batch Admin is a monitoring and management tool from Pivotal Software, USA. A cross-site scripting vulnerability exists in Pivotal Software Spring Batch Admin versions prior to 1.3.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML v...