Vulnerable Package issue exists @ Maven-org.springframework:spring-web-3.0.5.RELEASE in branch master
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.
Namespace: srcdevel1
Repository: dvja
Repository Url: https://github.com/srcdevel1/dvja
CxAST-Project: srcdevel1/dvja
CxAST platform scan: 275e3e87-21b4-460d-8d79-5eeebeb21604
Branch: master
Application: dvja
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-79
Addition Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: NONE
References
Commit
Issue
Advisory
Vulnerable Package issue exists @ Maven-org.springframework:spring-web-3.0.5.RELEASE in branch master
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.
Namespace: srcdevel1
Repository: dvja
Repository Url: https://github.com/srcdevel1/dvja
CxAST-Project: srcdevel1/dvja
CxAST platform scan: 275e3e87-21b4-460d-8d79-5eeebeb21604
Branch: master
Application: dvja
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-79
Addition Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: NONE
References
Commit
Issue
Advisory