Vulnerability details: VCID-vw31-4w5h-rucb
Vulnerability ID VCID-vw31-4w5h-rucb
Aliases CVE-2013-6430
GHSA-xjrf-8x4f-43h4
Summary Improper Neutralization of Input During Web Page Generation in Spring Framework
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2013-6430
cvssv3.1 5.4 https://github.com/spring-projects/spring-framework
generic_textual MODERATE https://github.com/spring-projects/spring-framework
cvssv3.1 5.4 https://github.com/spring-projects/spring-framework/commit/7a7df6637478607bef0277bf52a4e0a03e20a248
generic_textual MODERATE https://github.com/spring-projects/spring-framework/commit/7a7df6637478607bef0277bf52a4e0a03e20a248
cvssv3.1 5.4 https://github.com/spring-projects/spring-framework/commit/9982b4c01a8c7be0961e58b58ed83731c40449ff
generic_textual MODERATE https://github.com/spring-projects/spring-framework/commit/9982b4c01a8c7be0961e58b58ed83731c40449ff
cvssv3.1 5.4 https://github.com/spring-projects/spring-framework/commit/f5c9fe69a444607af667911bd4c5074b5b073e7b
generic_textual MODERATE https://github.com/spring-projects/spring-framework/commit/f5c9fe69a444607af667911bd4c5074b5b073e7b
cvssv3.1 5.4 https://github.com/spring-projects/spring-framework/issues/14617
generic_textual MODERATE https://github.com/spring-projects/spring-framework/issues/14617
cvssv3.1 5.4 https://jira.spring.io/browse/SPR-9983?redirect=false
generic_textual MODERATE https://jira.spring.io/browse/SPR-9983?redirect=false
cvssv3.1 5.4 https://nvd.nist.gov/vuln/detail/CVE-2013-6430
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-6430
cvssv3.1 5.4 https://spring.io/security/cve-2013-6430
generic_textual MODERATE https://spring.io/security/cve-2013-6430
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/spring-projects/spring-framework
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/spring-projects/spring-framework/commit/7a7df6637478607bef0277bf52a4e0a03e20a248

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/spring-projects/spring-framework/commit/9982b4c01a8c7be0961e58b58ed83731c40449ff

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/spring-projects/spring-framework/commit/f5c9fe69a444607af667911bd4c5074b5b073e7b

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/spring-projects/spring-framework/issues/14617

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://jira.spring.io/browse/SPR-9983?redirect=false

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2013-6430

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://spring.io/security/cve-2013-6430

Exploit Prediction Scoring System (EPSS)
Percentile 0.54888
EPSS Score 0.00315
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:42:27.155532+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-web/CVE-2013-6430.yml 38.6.0