CVE-2018-1000129 – org.jolokia:jolokia-core

Package

Manager: maven
Name: org.jolokia:jolokia-core
Vulnerable Version: >=1.3.7 <1.5.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.72147 pctl0.987

Details

Cross-site Scripting in Jolokia agent An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.

Metadata

Created: 2022-05-14T01:27:45Z
Modified: 2022-06-30T18:25:33Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hfpg-gqjw-779m/GHSA-hfpg-gqjw-779m.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-hfpg-gqjw-779m
Finding: F008
Auto approve: 1