Cross-Site Scripting Vulnerability in Spring Framework by Pivotal
CVE-2014-1904
Currently unrated
What is CVE-2014-1904?
A Cross-Site Scripting (XSS) vulnerability exists in the Spring Framework, specifically in web/servlet/tags/form/FormTag.java. This vulnerability allows remote attackers to insert arbitrary web scripts or HTML through crafted requests via the URI in default action scenarios. This weakness affects versions prior to Spring Framework 3.2.8 and 4.0.2, posing a significant risk to applications utilizing these affected versions.
