The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework prior to 3.2.2 does not properly escape certain characters, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pivotal software spring framework |