Medium severity5.4NVD Advisory· Published Aug 18, 2017· Updated Jun 17, 2026
CVE-2017-12882
CVE-2017-12882
Description
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.springframework.batch:spring-batch-admin-managerMaven | < 1.3.0.RELEASE | 1.3.0.RELEASE |
Affected products
2- cpe:2.3:a:spring_batch_admin_project:spring_batch_admin:*:*:*:*:*:*:*:*Range: <=1.2.1
Patches
Vulnerability mechanics
References
4- www.openwall.com/lists/oss-security/2017/08/16/5nvdMailing ListThird Party AdvisoryWEB
- www.securityfocus.com/bid/100410nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-49mj-77q5-qw5gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-12882ghsaADVISORY
News mentions
0No linked articles in our index yet.