Cross site scripting
Stored cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...
CVE-2017-12882
CVE-2017-12882: Stored XSS in Spring Batch Admin pre-1.3.0 via the file upload feature. Root cause: unescaped input leading to execution of arbitrary JavaScript/HTML in authenticated user sessions. Affected: Spring Batch Admin versions before 1.3.0. Remediation: upgrade to 1.3.0 or later (patch/...
CVE-2017-12881
The CVE-2017-12881 entry concerns Spring Batch Admin prior to version 1.3.0 that is vulnerable to Cross-Site Request Forgery (CSRF) on its file-upload functionality. The vulnerability would allow an attacker to hijack a victim’s authenticated session and submit arbitrary requests, including explo...
CVE-2017-12881
Cross-site request forgery (CSRF) vulnerability in Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...
CVE-2017-9787
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update
An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
SQL Injection Vulnerability in MZD Web Platform of Changsha Spring Culture Communication Co.
The MZD network platform is software that Spring developed independently, drawing on years of practical experience with diskless networks and on actual customer needs. It runs in server/client mode and provides professional diskless guidance services for the client's management...
Spring Dragon – Updated Activity
Spring Dragon is a long running APT actor that operates on a massive scale. The group has been running campaigns, mostly in countries and territories around the South China Sea, since as early as 2012. The main targets of Spring Dragon attacks are high profile governmental organizations and...
Apache Struts Spring AOP DoS Vulnerability (S2-049) - Linux
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack when user was properly authenticated. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced...
Apache Struts 2.5.x < 2.5.12 Multiple DoS (S2-047) (S2-049)
The version of Apache Struts running on the remote host is 2.5.x prior to 2.5.12. It is, therefore, affected by multiple vulnerabilities: - A denial of service vulnerability exists when handling a specially crafted URL in a form field when the built-in URL validator is used. An unauthenticated,...
Code injection
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33...
CVE-2017-9787
CVE-2017-9805 affects the Apache Struts 2 REST plugin, where the REST Plugin uses an XStreamHandler with an unfiltered XStream instance, enabling remote code execution via crafted XML data. Affected are Struts 2.x releases containing REST plugin: 2.5.x prior to 2.5.13 and 2.3.x prior to 2.3.34 (p...
Apache Struts2 S2-049 Denial of Service Vulnerability
Struts2 is an open-source web application framework based on the MVC design pattern and maintained by the Apache Software Foundation. The Apache Struts2 S2-049 denial of service vulnerability arises because Struts2 calls the Spring security AOP proxy...
baltimoreticketsales.com XSS vulnerability
Vulnerable URL: https://www.baltimoreticketsales.com/tickets.php?/Ugly-God/The-Fillmore-Silver-Spring-MD/=1"...
sdm.scad.edu XSS vulnerability
Vulnerable URL: https://sdm.scad.edu/intranet/students/map.php?quarter=Spring%202017=309=1"...