3 matches found
CVE-2026-41846 Spring Framework Cross-site Scripting via JSP Form Tags
Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through...
Linux Distros Unpatched Vulnerability : CVE-2026-41846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScrip...
Spring Framework Cross-site Scripting via JSP Form Tags
Spring MVC applications which accept user-supplied values in the cssClass , cssErrorClass , or cssStyle attributes of JSP tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability...