Medium severity5.4NVD Advisory· Published Aug 18, 2017· Updated May 13, 2026

CVE-2017-12882

Description

Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.springframework.batch:spring-batch-admin-managerMaven	< 1.3.0.RELEASE	1.3.0.RELEASE

Affected products

Spring Batch Admin Project/Spring Batch Admin
cpe:2.3:a:spring_batch_admin_project:spring_batch_admin:*:*:*:*:*:*:*:*
Range: <=1.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2017/08/16/5nvdMailing ListThird Party AdvisoryWEB
www.securityfocus.com/bid/100410nvdThird Party AdvisoryVDB Entry
github.com/advisories/GHSA-49mj-77q5-qw5gghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-12882ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000