Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1229 Vulnerability in maven package org.springframework.batch:spring-batch-admin

Description

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.

Remediation

References

http://www.securityfocus.com/bid/103462

https://pivotal.io/security/cve-2018-1229

Related Vulnerabilities

CVE-2022-40151 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2019-10757 Vulnerability in npm package knex

CVE-2017-18077 Vulnerability in maven package org.webjars.npm:brace-expansion

CVE-2018-11651 Vulnerability in maven package org.graylog2:graylog2-server

CVE-2020-12265 Vulnerability in maven package org.webjars:decompress-tar

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory