CVE-2017-12881

The CVE-2017-12881 entry concerns Spring Batch Admin prior to version 1.3.0 that is vulnerable to Cross-Site Request Forgery (CSRF) on its file-upload functionality. The vulnerability would allow an attacker to hijack a victim’s authenticated session and submit arbitrary requests, including explo...

CVE-2017-12882

CVE-2017-12882 : Stored XSS in Spring Batch Admin pre-1.3.0 via the file upload feature. Root cause: unescaped input leading to execution of arbitrary JavaScript/HTML in authenticated user sessions. Affected: Spring Batch Admin versions before 1.3.0. Remediation: upgrade to 1.3.0 or later (patch/...