Search for packages
| purl | pkg:maven/org.springframework/spring-webmvc@3-alpha0 |
| Tags | Ghost |
| Next non-vulnerable version | 5.2.20.RELEASE |
| Latest non-vulnerable version | 7.0.6 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ajex-5x84-8ygb
Aliases: CVE-2014-1904 GHSA-ff7p-jqjm-v66h |
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action. |
Affected by 7 other vulnerabilities. Affected by 7 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:46:52.088005+00:00 | GitLab Importer | Affected by | VCID-ajex-5x84-8ygb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2014-1904.yml | 38.0.0 |