Pivotal Software Spring Batch Admin Cross-Site Request Forgery Vulnerability

Pivotal Software Spring Batch Admin is a monitoring and management tool from Pivotal Software, USA. A cross-site request forgery vulnerability exists in Pivotal Software Spring Batch Admin versions prior to 1.3.0. A remote attacker can exploit this vulnerability to perform unauthorized operations...

CVE-2017-12882

Stored Cross-site scripting XSS vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...

CVE-2017-12882

Stored Cross-site scripting XSS vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...

CVE-2017-12881

Cross-site request forgery CSRF vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...

CVE-2017-12881

Cross-site request forgery CSRF vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...

Cross site scripting

Stored Cross-site scripting XSS vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...

CVE-2017-12882

CVE-2017-12882 : Stored XSS in Spring Batch Admin pre-1.3.0 via the file upload feature. Root cause: unescaped input leading to execution of arbitrary JavaScript/HTML in authenticated user sessions. Affected: Spring Batch Admin versions before 1.3.0. Remediation: upgrade to 1.3.0 or later (patch/...

CVE-2017-12882

Stored Cross-site scripting XSS vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...

CVE-2017-12881

The CVE-2017-12881 entry concerns Spring Batch Admin prior to version 1.3.0 that is vulnerable to Cross-Site Request Forgery (CSRF) on its file-upload functionality. The vulnerability would allow an attacker to hijack a victim’s authenticated session and submit arbitrary requests, including explo...

CVE-2017-12881

Cross-site request forgery CSRF vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...