CVE-2018-1000129 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-1000129 PUBLISHED CVSS 4.300000190734863 MEDIUM

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.

EPSS 76.78% · 98.9th percentile

Risk Scores

CVSS v2.0

4.300000190734863

EPSS Score

76.78%

98.9th percentile

Affected Products

Vendor	Product	Versions
jolokia	jolokia	1.3.7
Maven	org.jolokia:jolokia-core	1.3.7
n/a	n/a	n/a

Timeline

CVE Published
Apr 14, 2021 EPSS Score
Aug 4, 2022 EPSS Score
Oct 27, 2022 PoC Published
Dec 17, 2024 EPSS Score
Dec 18, 2024 PoC Published
Mar 17, 2025 EPSS Score
Mar 22, 2025 EPSS Score
Mar 28, 2025 EPSS Score
Mar 30, 2025 EPSS Score
May 1, 2025 EPSS Score
May 4, 2025 EPSS Score

References

https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad url
RHSA-2018:3817 vendor-advisory
https://jolokia.org/#Security_fixes_with_1.5.0 url
RHSA-2018:2669 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2018-1000129 advisory
https://github.com/rhuss/jolokia package
https://github.com/rhuss/jolokia/releases/tag/v1.5.0 url

Open in Interactive Console →