Описание
Cross-site Scripting in Jolokia agent
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000129
- https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad
- https://access.redhat.com/errata/RHSA-2018:2669
- https://access.redhat.com/errata/RHSA-2018:3817
- https://github.com/rhuss/jolokia/releases/tag/v1.5.0
- https://jolokia.org/#Security_fixes_with_1.5.0
Пакеты
Наименование
org.jolokia:jolokia-core
maven
Затронутые версииВерсия исправления
>= 1.3.7, < 1.5.0
1.5.0
Связанные уязвимости
CVSS3: 6.1
redhat
почти 8 лет назад
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
CVSS3: 6.1
nvd
почти 8 лет назад
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.