{"id":7183,"date":"2025-06-23T11:11:48","date_gmt":"2025-06-23T11:11:48","guid":{"rendered":"http:\/\/localhost\/?p=7183"},"modified":"2025-06-23T11:11:48","modified_gmt":"2025-06-23T11:11:48","slug":"seaswalker-spring-analysis-simplecontrollerjava-echo-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=7183","title":{"rendered":"seaswalker spring-analysis SimpleController.java echo cross site scripting"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nseaswalker spring-analysis SimpleController.java echo cross site scripting<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-23T15:31:05.152Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nseaswalker<\/td>\n<\/tr>\n
Product<\/th>\nspring-analysis<\/td>\n<\/tr>\n
Version<\/th>\n4379cce848af96997a9d7ef91d594aa129be8d71<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n5.1 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:P\/VC:N\/VI:L\/VA:N\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA medium severity cross-site scripting (XSS) vulnerability exists in the echo function of SimpleController.java. This allows remote attackers to inject malicious scripts via the Name argument, potentially leading to unauthorized actions on behalf of users.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\nseaswalker<\/td>\n<\/tr>\n
Product<\/th>\nspring-analysis<\/td>\n<\/tr>\n
Affected Version<\/th>\n4379cce848af96997a9d7ef91d594aa129be8d71<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n