Vulnerability Details : CVE-2018-1229
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2018-1229
- cpe:2.3:a:pivotal_software:spring_batch_admin:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1229
- 0.08%: probability of exploitation activity in the next 30 days
- ~31%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1229
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2018-1229
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by:
  - nvd@nist.gov (Primary)
  - security_alert@emc.com (Secondary)
References for CVE-2018-1229
- https://pivotal.io/security/cve-2018-1229
  CVE-2018-1229: Stored XSS in file upload of Spring Batch Admin | Security | Pivotal (Vendor Advisory)
- http://www.securityfocus.com/bid/103462
  Pivotal Spring Batch Admin CVE-2018-1229 HTML Injection Vulnerability (Third Party Advisory; VDB Entry)