1879 matches found
CVE-2020-5398
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download RFD attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...
Pivotal Software Spring Framework Cross-Site Request Forgery Vulnerability
Pivotal Software Spring Framework is the U.S. Pivotal Software's set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications . A cross-site request forgery vulnerability exists in Pivotal Software Spring Framework versions 5.2.x prior to...
Pivotal Software Spring Framework Cross-Site Scripting Vulnerability
Pivotal Software Spring Framework is the U.S. Pivotal Software's set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications . A cross-site scripting vulnerability exists in Pivotal Software Spring Framework versions 5.2.x prior to 5.2.3,...
PT-2020-2651 · Oracle +2 · Oracle Retail Order Broker +2
Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.0.x prior to 5.0.16 Spring Framework versions 5.1.x prior to 5.1.13 Spring Framework versions 5.2.x prior to 5.2.3 Oracle Retail Order Broker affected versions not specified Description: The issue exists due to...
CVE-2013-6430
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting XSS attacks via a 1 line separator or 2 paragraph separator Unicod...
DEBIAN-CVE-2013-6430
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting XSS attacks via a 1 line separator or 2 paragraph separator Unicod...
Cross site scripting
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting XSS attacks via a 1 line separator or 2 paragraph separator Unicod...
CVE-2013-6430
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting XSS attacks via a 1 line separator or 2 paragraph separator Unicod...
UBUNTU-CVE-2013-6430
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting XSS attacks via a 1 line separator or 2 paragraph separator Unicod...
CVE-2013-6430
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting XSS attacks via a 1 line separator or 2 paragraph separator Unicod...
CVE-2013-6430
CVE-2013-6430 affects Spring Framework (Spring MVC) via the JavaScriptUtils.javaScriptEscape method, which fails to escape certain characters, enabling XSS via line/paragraph separators and angle brackets. The issue is documented for Spring Framework versions before 3.2.2. Connected advisories (D...
CVE-2013-6430
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting XSS attacks via a 1 line separator or 2 paragraph separator Unicod...
CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
DEBIAN-CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
Deserialization of untrusted data
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
UBUNTU-CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
Pivotal Software Spring Framework Code Issue Vulnerability
Pivotal Software Spring Framework is the U.S. Pivotal Software's set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications . A code issue vulnerability exists in Pivotal Software Spring Framework version 4.1.4, which can be exploited by ...
CVE-2016-1000027
CVE-2016-1000027 involves remote code execution in Pivotal Spring Framework when deserializing untrusted data. Connected sources specify impact up to Spring Framework 5.3.16 (RCE via Java deserialization) and note that the vendor discourages untrusted-deserialization usage. Remediation guidance i...