CVE-2013-6430: Cross-site Scripting

January 10, 2020 (updated January 22, 2020)

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.

References

nvd.nist.gov/vuln/detail/CVE-2013-6430

Code Behaviors & Features

Detect and mitigate CVE-2013-6430 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →