CVE-2017-12882

MEDIUM

Spring Batch Admin < 1.2.1 - XSS

Title source: rule

Description

Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.

References (2)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2017/08/16/5

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100410

Scores

CVSS v3 5.4

EPSS 0.0016

EPSS Percentile 36.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (3)

spring_batch_admin_project/spring_batch_admin < 1.2.1

org.springframework.batch/spring-batch-admin-manager < 1.3.0.RELEASEMaven

n/a/n/a

Published Aug 18, 2017

Tracked Since Feb 18, 2026