Vulnerability Details CVE-2013-6430
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- http://www.gopivotal.com/security/cve-2013-6430
- https://github.com/spring-projects/spring-framework/commit/7a7df6637478607bef0277bf52a4e0a03e20a248
- https://jira.springsource.org/browse/SPR-9983
- http://www.gopivotal.com/security/cve-2013-6430
- https://github.com/spring-projects/spring-framework/commit/7a7df6637478607bef0277bf52a4e0a03e20a248
- https://jira.springsource.org/browse/SPR-9983
Products affected by CVE-2013-6430
-
cpe:2.3:a:pivotal_software:spring_framework:3.0.0
-
cpe:2.3:a:pivotal_software:spring_framework:3.0.1
-
cpe:2.3:a:pivotal_software:spring_framework:3.0.2
-
cpe:2.3:a:pivotal_software:spring_framework:3.0.3
-
cpe:2.3:a:pivotal_software:spring_framework:3.0.4
-
cpe:2.3:a:pivotal_software:spring_framework:3.0.5
-
cpe:2.3:a:pivotal_software:spring_framework:3.0.6
-
cpe:2.3:a:pivotal_software:spring_framework:3.0.7
-
cpe:2.3:a:pivotal_software:spring_framework:3.1.0
-
cpe:2.3:a:pivotal_software:spring_framework:3.1.1
-
cpe:2.3:a:pivotal_software:spring_framework:3.1.2
-
cpe:2.3:a:pivotal_software:spring_framework:3.1.3
-
cpe:2.3:a:pivotal_software:spring_framework:3.1.4
-
cpe:2.3:a:pivotal_software:spring_framework:3.2.0
-
cpe:2.3:a:pivotal_software:spring_framework:3.2.1