Filtered by vendor Spring
Filtered by product Spring Web Flow
Total: 2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40985 | 1 Spring | 1 Spring Web Flow | 2026-06-11 | 6.4 Medium |
| Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1. | | | | |
| CVE-2026-40986 | 1 Spring | 1 Spring Web Flow | 2026-06-11 | 4.8 Medium |
| Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in a scripting attack in the user's browser if the error response from the server contains error details with input reflected from an attacker. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1. | | | | |