CVE-2018-1000129

MEDIUM NUCLEI

Jolokia Agent <1.3.7 - XSS

Title source: llm

Description

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.

Exploits (1)

nomisec WORKING POC

by shoucheng3 · poc

https://github.com/shoucheng3/rhuss__jolokia_CVE-2018-1000129_1-4-0

View Code ZIP pw:eip

Nuclei Templates (1)

Jolokia 1.3.7 - Cross-Site Scripting

MEDIUMby mavericknerd,0h1in9e,daffainfo

References (4)

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:2669

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:3817

[Patch, Third Party Advisory] https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad

[Vendor Advisory] https://jolokia.org/#Security_fixes_with_1.5.0

Scores

CVSS v3 6.1

EPSS 0.7678

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

jolokia/jolokia 1.3.7

org.jolokia/jolokia-core 1.3.7 - 1.5.0Maven

Published Mar 14, 2018

Tracked Since Feb 18, 2026