Lucene search
K

8 matches found

vulnersOsv
vulnersOsv
added 2022/05/14 1:14 a.m.4 views

ca.uhn.hapi.fhir:hapi-fhir-testpage-overlay (>=0.4 <=0.5), ch.ralscha:extdirectspring (=1.4.0) +75 more potentially affected by CVE-2014-1904 via org.springframework:spring-webmvc (>=4.0.0.RELEASE <=4.0.1.RELEASE)

org.springframework:spring-webmvc MAVEN version =4.0.0.RELEASE, =0.4, =0.1.1-alpha, =0.2-alpha, =1.0.0, =2.0.3.2.1, =2.1.3.10.1, =2.0.3.6, =2.0.3.6, =2.1.2.7.1, =2.0.3.1, =2.1.4.19 and more Source cves: CVE-2014-1904 Source advisory: OSV:GHSA-FF7P-JQJM-V66H...

4.3CVSS7.2AI score0.03348EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.23 views

Mageia: Security Advisory (MGASA-2014-0155)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS8.5AI score0.91354EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2014/03/31 12:0 a.m.38 views

Debian DSA-2890-1 : libspring-java - security update

Two vulnerabilities were discovered in libspring-java, the Debian package for the Java Spring framework. - CVE-2014-0054 Jaxb2RootElementHttpMessageConverter in Spring MVC processes external XML entities. - CVE-2014-1904 Spring MVC introduces a cross-site scripting vulnerability if the action on ...

6.8CVSS8.1AI score0.91354EPSS
Exploits0References7
Debian
Debian
added 2014/03/29 7:21 p.m.40 views

[SECURITY] [DSA 2890-1] libspring-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2890-1 [email protected] http://www.debian.org/security/ Florian Weimer March 29, 2014 http://www.debian.org/security/faq -...

6.8CVSS7.3AI score0.91354EPSS
Exploits0
OpenVAS
OpenVAS
added 2014/03/29 12:0 a.m.32 views

Debian Security Advisory DSA 2890-1 (libspring-java - security update)

Two vulnerabilities were discovered in libspring-java, the Debian package for the Java Spring framework. CVE-2014-0054 Jaxb2RootElementHttpMessageConverter in Spring MVC processes external XML entities. CVE-2014-1904 Spring MVC introduces a cross-site scripting vulnerability if the action on a...

6.8CVSS0.3AI score0.91354EPSS
Exploits0References1
OSV
OSV
added 2014/03/29 12:0 a.m.29 views

DSA-2890-1 libspring-java - security update

Bulletin has no description...

6.8CVSS7.2AI score0.91354EPSS
Exploits0
OpenVAS
OpenVAS
added 2014/03/28 12:0 a.m.33 views

Debian: Security Advisory (DSA-2890-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7.5AI score0.91354EPSS
Exploits0References3
CVE
CVE
added 2014/03/20 4:0 p.m.94 views

CVE-2014-1904

The CVE-2014-1904 entry is an XSS in Spring Framework’s Spring MVC FormTag: FormTag.java improperly handles user-supplied URIs in a default action, enabling remote script/HTML injection. Affected versions are Spring Framework 3.0.0 up to 3.2.7 (and 3.0.0–3.2.7 inclusive) and 4.0.0 up to 4.0.1 (4....

4.3CVSS5.7AI score0.03348EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder