Cross-site Scripting (XSS)

2017-08-2110:14:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

22.9%

JSON

spring-batch-admin is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute malicious javascript through the file upload function.

CPENameOperatorVersion
managerle2.0.0.M1
managerle2.0.0.M1

CPE	Name	Operator	Version
	manager	le	2.0.0.M1
	manager	le	2.0.0.M1

References

www.openwall.com/lists/oss-security/2017/08/16/5

github.com/spring-projects/spring-batch-admin/blob/1.3.1.RELEASE/spring-batch-admin-manager/src/main/resources/org/springframework/batch/admin/web/manager/files/html/files.ftl#L64

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for VERACODE:4926