CVE-2014-1904: Cross-site scripting flaw

March 20, 2014 (updated March 27, 2019)

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in this package allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

References

www.gopivotal.com/security/cve-2014-1904
bugzilla.redhat.com/CVE-2014-1904

Code Behaviors & Features

Detect and mitigate CVE-2014-1904 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →