CVE-2018-1229

Published: Mar 21, 2018Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.

Affected (1)

Products: Pivotal Software: Spring Batch Admin

Pivotal Software

1 product

Spring Batch Admin

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pivotal Software Spring Batch Admin	All versions

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.securityfocus.com/bid/103462

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

https://pivotal.io/security/cve-2018-1229

Source: security_alert@emc.com

Vendor Advisory

http://www.securityfocus.com/bid/103462

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://pivotal.io/security/cve-2018-1229

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.