CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1230
https://notcve.org/view.php?id=CVE-2018-1230
Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life. Pivotal Spring Batch Admin, en todas las versiones, no contiene protección contra Cross-Site Request Forgery (CSRF). Un usuario remoto no autenticado podría manipular un sitio malicioso que ejecute peticiones a Spring Batch Admin. • http://www.securityfocus.com/bid/103463 https://pivotal.io/security/cve-2018-1230 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1229
https://notcve.org/view.php?id=CVE-2018-1229
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life. Pivotal Spring Batch Admin, en todas las versiones, contiene una vulnerabilidad Cross-Site Scripting (XSS) persistente en la característica de subida de archivos. Un usuario malicioso no autenticado con acceso de red a Spring Batch Admin podría almacenar un script web arbitrario que sería ejecutado por otros usuarios. • http://www.securityfocus.com/bid/103462 https://pivotal.io/security/cve-2018-1229 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •