Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-m9wb-x5aw-73ag
Vulnerability ID VCID-m9wb-x5aw-73ag
Aliases CVE-2014-1904
GHSA-ff7p-jqjm-v66h
Summary
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://docs.spring.io/spring/docs/3.2.8.RELEASE/changelog.txt
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0400.html
epss 0.0181 https://api.first.org/data/v1/epss?cve=CVE-2014-1904
epss 0.0181 https://api.first.org/data/v1/epss?cve=CVE-2014-1904
epss 0.0181 https://api.first.org/data/v1/epss?cve=CVE-2014-1904
epss 0.0181 https://api.first.org/data/v1/epss?cve=CVE-2014-1904
generic_textual MODERATE http://seclists.org/fulldisclosure/2014/Mar/101
generic_textual MODERATE http://secunia.com/advisories/57915
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-ff7p-jqjm-v66h
generic_textual MODERATE https://github.com/spring-projects/spring-framework
generic_textual MODERATE https://github.com/spring-projects/spring-framework/commit/741b4b229ae032bd17175b46f98673ce0bd2d485
generic_textual MODERATE https://github.com/spring-projects/spring-framework/commit/75e08695a04980dbceae6789364717e9d8764d58#diff-5c29d6685335045274d9908c5cd45e45
generic_textual MODERATE https://jira.springsource.org/browse/SPR-11426
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2014-1904
Reference id Reference type URL
http://docs.spring.io/spring/docs/3.2.8.RELEASE/changelog.txt
http://rhn.redhat.com/errata/RHSA-2014-0400.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1904.json
https://api.first.org/data/v1/epss?cve=CVE-2014-1904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1904
http://seclists.org/fulldisclosure/2014/Mar/101
http://secunia.com/advisories/57915
https://github.com/spring-projects/spring-framework
https://github.com/spring-projects/spring-framework/commit/741b4b229ae032bd17175b46f98673ce0bd2d485
https://github.com/spring-projects/spring-framework/commit/75e08695a04980dbceae6789364717e9d8764d58
https://github.com/spring-projects/spring-framework/commit/75e08695a04980dbceae6789364717e9d8764d58#diff-5c29d6685335045274d9908c5cd45e45
https://jira.springsource.org/browse/SPR-11426
https://nvd.nist.gov/vuln/detail/CVE-2014-1904
1075296 https://bugzilla.redhat.com/show_bug.cgi?id=1075296
741604 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741604
CVE-2014-1904 https://bugzilla.redhat.com/CVE-2014-1904
CVE-2014-1904 http://www.gopivotal.com/security/cve-2014-1904
GHSA-ff7p-jqjm-v66h https://github.com/advisories/GHSA-ff7p-jqjm-v66h
RHSA-2014:0400 https://access.redhat.com/errata/RHSA-2014:0400
RHSA-2014:0401 https://access.redhat.com/errata/RHSA-2014:0401
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.83236
EPSS Score 0.0181
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:20:06.759015+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 38.6.0