Описание
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 4 | spring | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 5 | spring | Will not fix | ||
| Red Hat JBoss Portal 5 | spring | Will not fix | ||
| Red Hat JBoss SOA Platform 4 | spring | Will not fix | ||
| Red Hat JBoss A-MQ 6.1 | Fixed | RHSA-2014:0401 | 14.04.2014 | |
| Red Hat JBoss Fuse 6.1 | Fixed | RHSA-2014:0400 | 14.04.2014 |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS2
Связанные уязвимости
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtil ...
Improper Neutralization of Input During Web Page Generation in Spring Framework
4.3 Medium
CVSS2