Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2013-6430

UNKNOWN
Published 2020-01-10T13:28:11
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2013-6430. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Pivotal

Spring MVC

Affected Versions:

before 3.2.2

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Improper Neutralization of Input During Web Page Generation in Spring Framework

GHSA-xjrf-8x4f-43h4

Advisory Details

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.

Affected Packages

Maven org.springframework:spring-web
ECOSYSTEM: ≥0 <3.2.2.RELEASE

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-6430
WEB https://github.com/spring-projects/spring-framework/issues/14617
WEB https://github.com/spring-projects/spring-framework/commit/7a7df6637478607bef0277bf52a4e0a03e20a248
WEB https://github.com/spring-projects/spring-framework/commit/9982b4c01a8c7be0961e58b58ed83731c40449ff
WEB https://github.com/spring-projects/spring-framework/commit/f5c9fe69a444607af667911bd4c5074b5b073e7b
PACKAGE https://github.com/spring-projects/spring-framework
WEB https://jira.spring.io/browse/SPR-9983?redirect=false
WEB https://spring.io/security/cve-2013-6430

Advisory provided by GitHub Security Advisory Database. Published: May 5, 2022, Modified: July 3, 2025

References

http://www.gopivotal.com/security/cve-2013-6430
https://github.com/spring-projects/spring-framework/commit/7a7df6637478607bef0277bf52a4e0a03e20a248
https://jira.springsource.org/browse/SPR-9983
Published: 2020-01-10T13:28:11
Last Modified: 2024-08-06T17:39:01.262Z
Copied to clipboard!