Your submission was sent successfully! Close

CVE-2014-1904

Published: 20 March 2014

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Priority

Medium

Status

Package Release Status
libspring-java
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(3.0.6.RELEASE-13)
cosmic Not vulnerable
(3.0.6.RELEASE-13)
lucid Does not exist

precise Does not exist
(precise was needed)
quantal Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty Not vulnerable
(3.0.6.RELEASE-13)
upstream
Released (3.0.6.RELEASE-13)
utopic Ignored
(reached end-of-life)
vivid Does not exist

wily Ignored
(reached end-of-life)
xenial Not vulnerable
(3.0.6.RELEASE-13)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)