Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2013-6430

Опубликовано: 10 янв. 2020
Источник: debian
EPSS Низкий

Описание

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libspring-javafixed3.0.6.RELEASE-11package

EPSS

Процентиль: 56%
0.00337
Низкий

Связанные уязвимости

CVSS3: 5.4
ubuntu
больше 5 лет назад

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.

redhat
больше 11 лет назад

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.

CVSS3: 5.4
nvd
больше 5 лет назад

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.

CVSS3: 5.4
github
около 3 лет назад

Improper Neutralization of Input During Web Page Generation in Spring Framework

EPSS

Процентиль: 56%
0.00337
Низкий