What is CVE-2014-1904?

CVE-2014-1904 is a vulnerability in Pivotal_software Spring_framework, classified under Cross-site Scripting. Published 2014-03-20.

Is CVE-2014-1904 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Pivotal_software Spring_framework

CVE-2014-1904

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.018 (83.2th percentile) — read the EPSS interpretation.

Affected products

Pivotal_software Spring_framework
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
66137 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cve@mitre.org (Permissions Required, x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory)
20140311 CVE-2014-1904 XSS when using Spring MVC (mailing-list, x_refsource_BUGTRAQ, Broken Link)
RHSA-2014:0400 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
57915 (Permissions Required, x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
20140312 CVE-2014-1904 XSS when using Spring MVC (mailing-list, x_refsource_FULLDISC, Mailing List, Third Party Advisory)

Frequently asked questions

What is CVE-2014-1904?: CVE-2014-1904 is a vulnerability in Pivotal_software Spring_framework, classified under Cross-site Scripting. Published 2014-03-20.
Is CVE-2014-1904 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.