35 matches found
CVE-2018-1229
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because...
CVE-2018-1229
The CVE-2018-1229 entry affects Pivotal Spring Batch Admin (all versions). It describes a stored cross-site scripting (XSS) vulnerability in the file upload feature that could allow an unauthenticated attacker with network access to store a script executed by other users. The issue is not patched...
Cross-site Request Forgery (CSRF)
spring-batch-admin is vulnerable to cross-site request forgery (CSRF) attacks. The library does not use CSRF tokens, allowing a malicious user to hijack the authentication of other users and submit arbitrary requests through the file upload page...
Pivotal Software Spring Batch Admin Cross-Site Scripting Vulnerability
Pivotal Software Spring Batch Admin is a monitoring and management tool from Pivotal Software, USA. A cross-site scripting vulnerability exists in Pivotal Software Spring Batch Admin versions prior to 1.3.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML v...
Pivotal Software Spring Batch Admin Cross-Site Request Forgery Vulnerability
Pivotal Software Spring Batch Admin is a monitoring and management tool from Pivotal Software, USA. A cross-site request forgery vulnerability exists in Pivotal Software Spring Batch Admin versions prior to 1.3.0. A remote attacker can exploit this vulnerability to perform unauthorized operations...
CVE-2017-12882
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...
CVE-2017-12881
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...
CVE-2017-12881
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...
CVE-2017-12882
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...
Cross site scripting
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...
CVE-2017-12882
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...
CVE-2017-12882
CVE-2017-12882: Stored XSS in Spring Batch Admin pre-1.3.0 via the file upload feature. Root cause: unescaped input leading to execution of arbitrary JavaScript/HTML in authenticated user sessions. Affected: Spring Batch Admin versions before 1.3.0. Remediation: upgrade to 1.3.0 or later (patch/...
CVE-2017-12881
The CVE-2017-12881 entry concerns Spring Batch Admin prior to version 1.3.0 that is vulnerable to Cross-Site Request Forgery (CSRF) on its file-upload functionality. The vulnerability would allow an attacker to hijack a victim’s authenticated session and submit arbitrary requests, including explo...
CVE-2017-12881
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...