{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37648?format=json","vulnerability_id":"VCID-4ut8-z444-puhf","summary":"Cross-site scripting flaw\nCross-site scripting (XSS) vulnerability in `web/servlet/tags/form/FormTag.java` in Spring MVC in this package allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.","aliases":[{"alias":"CVE-2014-1904"},{"alias":"GHSA-ff7p-jqjm-v66h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103851?format=json","purl":"pkg:deb/debian/libspring-java@3.0.6.RELEASE-13?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@3.0.6.RELEASE-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103845?format=json","purl":"pkg:deb/debian/libspring-java@4.3.30-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103843?format=json","purl":"pkg:deb/debian/libspring-java@4.3.30-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103847?format=json","purl":"pkg:deb/debian/libspring-java@4.3.30-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103846?format=json","purl":"pkg:deb/debian/libspring-java@4.3.30-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/51784?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.2.8.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-kvhz-7nfu-2kdx"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.2.8.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/51785?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@4.0.2.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-kvhz-7nfu-2kdx"},{"vulnerability":"VCID-tj95-xfgu-pya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.0.2.RELEASE"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51780?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3-alpha0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ut8-z444-puhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3-alpha0"},{"url":"http://public2.vulnerablecode.io/api/packages/198389?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.0.0.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-vgyx-gshk-tbcx"},{"vulnerability":"VCID-vw31-4w5h-rucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.0.0.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198390?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.0.1.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-vgyx-gshk-tbcx"},{"vulnerability":"VCID-vw31-4w5h-rucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.0.1.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198391?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.0.2.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-vgyx-gshk-tbcx"},{"vulnerability":"VCID-vw31-4w5h-rucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.0.2.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198392?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.0.3.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-vgyx-gshk-tbcx"},{"vulnerability":"VCID-vw31-4w5h-rucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.0.3.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/52072?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.0.4.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"},{"vulnerability":"VCID-vw31-4w5h-rucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.0.4.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198393?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.0.5.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"},{"vulnerability":"VCID-vw31-4w5h-rucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.0.5.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198394?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.0.6.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"},{"vulnerability":"VCID-vw31-4w5h-rucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.0.6.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198395?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.0.7.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"},{"vulnerability":"VCID-vw31-4w5h-rucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.0.7.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198396?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.1.0.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"},{"vulnerability":"VCID-vw31-4w5h-rucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.1.0.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198397?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"},{"vulnerability":"VCID-vw31-4w5h-rucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198398?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.1.2.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"},{"vulnerability":"VCID-vw31-4w5h-rucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.1.2.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198399?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.1.3.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"},{"vulnerability":"VCID-vw31-4w5h-rucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.1.3.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/52073?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.1.4.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"},{"vulnerability":"VCID-vw31-4w5h-rucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.1.4.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198400?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.2.0.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-hb8j-4quw-fyhy"},{"vulnerability":"VCID-kvhz-7nfu-2kdx"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"},{"vulnerability":"VCID-vw31-4w5h-rucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.2.0.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198401?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.2.1.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-hb8j-4quw-fyhy"},{"vulnerability":"VCID-kvhz-7nfu-2kdx"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"},{"vulnerability":"VCID-vw31-4w5h-rucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.2.1.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/76441?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.2.2.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-hb8j-4quw-fyhy"},{"vulnerability":"VCID-kvhz-7nfu-2kdx"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.2.2.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198402?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.2.3.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-hb8j-4quw-fyhy"},{"vulnerability":"VCID-kvhz-7nfu-2kdx"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.2.3.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198403?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.2.4.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-hb8j-4quw-fyhy"},{"vulnerability":"VCID-kvhz-7nfu-2kdx"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.2.4.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198404?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.2.5.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-hb8j-4quw-fyhy"},{"vulnerability":"VCID-kvhz-7nfu-2kdx"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.2.5.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/198405?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.2.6.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-hb8j-4quw-fyhy"},{"vulnerability":"VCID-kvhz-7nfu-2kdx"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.2.6.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/51781?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@3.2.7.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-hb8j-4quw-fyhy"},{"vulnerability":"VCID-kvhz-7nfu-2kdx"},{"vulnerability":"VCID-tj95-xfgu-pya7"},{"vulnerability":"VCID-vgyx-gshk-tbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@3.2.7.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/51782?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@4-alpha0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ut8-z444-puhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4-alpha0"},{"url":"http://public2.vulnerablecode.io/api/packages/198406?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-hb8j-4quw-fyhy"},{"vulnerability":"VCID-kvhz-7nfu-2kdx"},{"vulnerability":"VCID-tj95-xfgu-pya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.0.0.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/51783?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@4.0.1.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2327-21sr-mfgx"},{"vulnerability":"VCID-4ut8-z444-puhf"},{"vulnerability":"VCID-envb-buqd-r3dt"},{"vulnerability":"VCID-fra1-reqm-kfdb"},{"vulnerability":"VCID-hb8j-4quw-fyhy"},{"vulnerability":"VCID-kvhz-7nfu-2kdx"},{"vulnerability":"VCID-tj95-xfgu-pya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.0.1.RELEASE"}],"references":[{"reference_url":"http://docs.spring.io/spring/docs/3.2.8.RELEASE/changelog.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://docs.spring.io/spring/docs/3.2.8.RELEASE/changelog.txt"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0400.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0400.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1904.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1904.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1904","reference_id":"","reference_type":"","scores":[{"value":"0.0181","scoring_system":"epss","scoring_elements":"0.83173","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1904"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Mar/101","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2014/Mar/101"},{"reference_url":"http://secunia.com/advisories/57915","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/57915"},{"reference_url":"https://github.com/spring-projects/spring-framework","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spring-projects/spring-framework"},{"reference_url":"https://github.com/spring-projects/spring-framework/commit/741b4b229ae032bd17175b46f98673ce0bd2d485","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spring-projects/spring-framework/commit/741b4b229ae032bd17175b46f98673ce0bd2d485"},{"reference_url":"https://github.com/spring-projects/spring-framework/commit/75e08695a04980dbceae6789364717e9d8764d58","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/spring-projects/spring-framework/commit/75e08695a04980dbceae6789364717e9d8764d58"},{"reference_url":"https://github.com/spring-projects/spring-framework/commit/75e08695a04980dbceae6789364717e9d8764d58#diff-5c29d6685335045274d9908c5cd45e45","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/spring-projects/spring-framework/commit/75e08695a04980dbceae6789364717e9d8764d58#diff-5c29d6685335045274d9908c5cd45e45"},{"reference_url":"https://jira.springsource.org/browse/SPR-11426","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jira.springsource.org/browse/SPR-11426"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1904","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1904"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1075296","reference_id":"1075296","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1075296"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741604","reference_id":"741604","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741604"},{"reference_url":"https://bugzilla.redhat.com/CVE-2014-1904","reference_id":"CVE-2014-1904","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/CVE-2014-1904"},{"reference_url":"http://www.gopivotal.com/security/cve-2014-1904","reference_id":"CVE-2014-1904","reference_type":"","scores":[],"url":"http://www.gopivotal.com/security/cve-2014-1904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0400","reference_id":"RHSA-2014:0400","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0401","reference_id":"RHSA-2014:0401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0401"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":79,"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ut8-z444-puhf"}