CVE-2013-6430: Possible XSS

January 14, 2014

The org.spring.web.util.JavaScriptUtils.javaScriptEscape method insufficiently escaped some characters. Applications using this method to escape user-supplied content that will be rendered in HTML 5 documents may expose cross-site scripting (XSS) flaws.

References

www.gopivotal.com/security/cve-2013-6430
bugzilla.redhat.com/CVE-2013-6430

Code Behaviors & Features

Detect and mitigate CVE-2013-6430 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →