Cross-Site Scripting Vulnerability in Spring Framework by Pivotal
CVE-2014-1904

Currently unrated

Key Information:

Vendor
CVE Published:
20 March 2014

What is CVE-2014-1904?

A Cross-Site Scripting (XSS) vulnerability exists in the Spring Framework, specifically in web/servlet/tags/form/FormTag.java. This vulnerability allows remote attackers to insert arbitrary web scripts or HTML through crafted requests via the URI in default action scenarios. This weakness affects versions prior to Spring Framework 3.2.8 and 4.0.2, posing a significant risk to applications utilizing these affected versions.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.