CVE-2018-1229 – org.springframework.batch:spring-batch-admin-manager

Package

Manager: maven
Name: org.springframework.batch:spring-batch-admin-manager
Vulnerable Version: >=0 <=2.0.0.m1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00304 pctl0.53152

Details

Cross-site Scripting in Pivotal Spring Batch Admin Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.

Metadata

Created: 2022-05-13T01:33:25Z
Modified: 2024-01-05T22:29:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4cj8-779h-r25h/GHSA-4cj8-779h-r25h.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-4cj8-779h-r25h
Finding: F425
Auto approve: 1