Stored Cross-Site Scripting Vulnerability in Spring Batch Admin by Pivotal
CVE-2017-12882
5.4 MEDIUM
What is CVE-2017-12882?
A stored Cross-Site Scripting (XSS) vulnerability exists in the file upload functionality of Spring Batch Admin prior to version 1.3.0. This flaw allows remote authenticated users to inject malicious JavaScript or HTML content. If an attacker successfully exploits this vulnerability, they could compromise user sessions or redirect users to harmful sites. Secure your applications by updating to a patched version to prevent potential misuse of this vulnerability.
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved