Stored Cross-Site Scripting in Spring Boot Admin by Pivotal Software
CVE-2020-19704

5.4MEDIUM

Key Information:

Vendor: Spring-boot-admin Project
Status: Spring-boot-admin
Vendor: CVE Published:; 26 August 2021

What is CVE-2020-19704?

In Spring Boot Admin, a stored cross-site scripting vulnerability can be exploited via ResourceController.java, allowing attackers to inject and execute arbitrary web scripts or HTML. This poses significant security risks as malicious code can be executed by users interacting with the compromised application, potentially leading to data breaches, unauthorized access, or further attacks.

References

https://github.com/sail-y/spring-boot-admin/issues/7

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 26, 2021
Vulnerability Reserved
Aug 13, 2020

Spring-boot-admin Project

What is CVE-2020-19704?

References

CVSS V3.1

Timeline