Cross site scripting

2018-06-2515:29:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.3%

JSON

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

CPENameOperatorVersion
debian_linuxeq9.0
agile_plmeq9.3.3
agile_plmeq9.3.4
agile_plmeq9.3.5
agile_plmeq9.3.6
application_testing_suiteeq12.5.0.3
application_testing_suiteeq13.1.0.1
application_testing_suiteeq13.2.0.1
application_testing_suiteeq13.3.0.1
communications_diameter_signaling_routerlt8.3

Name	Operator	Version
debian_linux	eq	9.0
agile_plm	eq	9.3.3
agile_plm	eq	9.3.4
agile_plm	eq	9.3.5
agile_plm	eq	9.3.6
application_testing_suite	eq	12.5.0.3
application_testing_suite	eq	13.1.0.1
application_testing_suite	eq	13.2.0.1
application_testing_suite	eq	13.3.0.1
communications_diameter_signaling_router	lt	8.3