CVE-2014-1904
Spring MVC <3.2.8, 4.0.0 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
References (9)
Scores
EPSS
0.0181
EPSS Percentile
82.7%
Details
CWE
CWE-79
Status
published
Products (3)
pivotal_software/spring_framework
< 3.2.8
org.springframework/spring-webmvc
< 3.2.8.RELEASEMaven
n/a/n/a
Published
Mar 20, 2014
Tracked Since
Feb 18, 2026