Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6504 matches found

UbuntuCve
UbuntuCveadded 2014/03/20 4:55 p.m.30 views

CVE-2014-1904

Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

4.3CVSS7.2AI score0.0181EPSS
Exploits0References5
Prion
Prionadded 2014/03/20 4:55 p.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

4.3CVSS6AI score0.0181EPSS
Exploits0References9Affected Software1
OSV
OSVadded 2014/03/20 4:55 p.m.0 views

UBUNTU-CVE-2014-1904

Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

4.3CVSS7.4AI score0.0181EPSS
Exploits0References6
CVE
CVEadded 2014/03/20 4:0 p.m.84 views

CVE-2014-1904

The CVE-2014-1904 entry is an XSS in Spring Framework’s Spring MVC FormTag: FormTag.java improperly handles user-supplied URIs in a default action, enabling remote script/HTML injection. Affected versions are Spring Framework 3.0.0 up to 3.2.7 (and 3.0.0–3.2.7 inclusive) and 4.0.0 up to 4.0.1 (4....

4.3CVSS5.7AI score0.0181EPSS
Exploits0References9Affected Software1
Cvelist
Cvelistadded 2014/03/20 4:0 p.m.26 views

CVE-2014-1904

Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

5.4AI score0.0181EPSS
Exploits0References9
Debian CVE
Debian CVEadded 2014/03/20 4:0 p.m.21 views

CVE-2014-1904

Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

4.3CVSS8AI score0.0181EPSS
Exploits0
RedHat Linux
RedHat Linuxadded 2014/03/05 7:5 p.m.2 views

Framework: XML External Entity (XXE) injection flaw

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...

6.8CVSS7.3AI score0.67951EPSS
Exploits1References7
RedHat Linux
RedHat Linuxadded 2014/03/03 6:25 p.m.2 views

Framework: XML External Entity (XXE) injection flaw

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...

6.8CVSS7.3AI score0.67951EPSS
Exploits1References7
OSV
OSVadded 2014/02/25 9:35 p.m.5 views

MGASA-2014-0096 Updated springframework package fixes security vulnerabilities

It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...

6.8CVSS5.3AI score0.38725EPSS
Exploits0References3
RedHat Linux
RedHat Linuxadded 2014/02/25 4:41 p.m.49 views

Moderate: Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 update

Red Hat JBoss SOA Platform 5.3.1 roll up patch 4, which fixes two security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

6.8CVSS7.1AI score0.67951EPSS
Exploits2References4
RedHat Linux
RedHat Linuxadded 2014/02/25 4:41 p.m.3 views

Framework: XML External Entity (XXE) injection flaw

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...

6.8CVSS7.3AI score0.67951EPSS
Exploits1References7
OSV
OSVadded 2014/02/10 7:51 p.m.6 views

MGASA-2014-0042 Updated springframework packages fix CVE-2013-4152

Updated springframework packages fix security vulnerability: Alvaro Munoz discovered a XML External Entity XXE injection in the Spring Framework which can be used for conducting CSRF and DoS attacks on other sites CVE-2013-4152...

6.8CVSS5.7AI score0.67951EPSS
Exploits1References3
Tenable Nessus
Tenable Nessusadded 2014/02/10 12:0 a.m.41 views

Debian DSA-2857-1 : libspring-java - several vulnerabilities

It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...

6.8CVSS7AI score0.67951EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notesadded 2014/02/10 12:0 a.m.43 views

JVN#14876762: Apache Commons FileUpload vulnerable to denial-of-service (DoS)

Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop. As of 2014 February 12, an exploit tool to attack against this vulnerability has been confirmed. Impact Processing a...

7.5CVSS7.2AI score0.92712EPSS
Exploits8
Debian
Debianadded 2014/02/08 2:41 p.m.43 views

[SECURITY] [DSA 2857-1] libspring-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2857-1 [email protected] http://www.debian.org/security/ Markus Koschany February 08, 2014 http://www.debian.org/security/faq -...

6.8CVSS6.9AI score0.67951EPSS
Exploits1
OpenVAS
OpenVASadded 2014/02/08 12:0 a.m.47 views

Debian Security Advisory DSA 2857-1 (libspring-java - several vulnerabilities)

It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...

6.8CVSS5.8AI score0.67951EPSS
Exploits1References1
OSV
OSVadded 2014/02/08 12:0 a.m.31 views

DSA-2857-1 libspring-java - several

Bulletin has no description...

6.8CVSS5.6AI score0.38725EPSS
Exploits0
OSV
OSVadded 2014/01/26 4:58 p.m.7 views

CVE-2013-6429

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...

6.8CVSS5.6AI score0.38725EPSS
Exploits0References7
OSV
OSVadded 2014/01/26 4:58 p.m.1 views

DEBIAN-CVE-2013-6429

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...

6.8CVSS9.1AI score0.38725EPSS
Exploits0References1
NVD
NVDadded 2014/01/26 4:58 p.m.18 views

CVE-2013-6429

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...

6.8CVSS7.2AI score0.38725EPSS
Exploits0References7
Rows per page
Query Builder