CVE-2018-1229
Description
Stored XSS in Pivotal Spring Batch Admin file upload allows unauthenticated attackers to execute arbitrary scripts; product is EOL, no fix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Spring Batch Admin by Pivotal, all versions, contains a stored cross-site scripting (XSS) vulnerability in the file upload feature [1]. An unauthenticated user can upload a malicious web script that is stored and later executed by other users accessing the application.
Exploitation
An attacker with network access to the Spring Batch Admin application, without requiring any authentication, can upload a crafted file containing arbitrary JavaScript or HTML via the file upload functionality [1]. The script is stored on the server and will be rendered in the browser of any user who views the uploaded file.
Impact
Successful exploitation allows the attacker to execute arbitrary web scripts in the context of other users' sessions [1]. This can lead to session hijacking, theft of sensitive information, or defacement of the application interface.
Mitigation
There is no patch available because Spring Batch Admin has reached end of life (EOL) and is no longer maintained [1]. Users are advised to migrate to a supported product or disable the file upload feature if possible.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.springframework.batch:spring-batch-admin-manager | Maven | <= 2.0.0.M1 | — |
Affected products
- Spring by Pivotal / Spring Batch Admin (Range: All)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-4cj8-779h-r25h (GHSA; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-1229 (GHSA; ADVISORY)
- www.securityfocus.com/bid/103462 (GHSA; vdb-entry, x_refsource_BID; WEB)
- pivotal.io/security/cve-2018-1229 (GHSA; x_refsource_CONFIRM; WEB)
News mentions
No linked articles in our index yet.