Lucene search
RedhatCVE-2013-4378HistorySep 30, 2013 - 10:55 p.m.
CVE-2013-4378
2013-09-3022:55:02
CWE-79
redhat
web.nvd.nist.gov
37
cve-2013-4378
cross-site scripting
xss
htmlsessioninformationsreport.java
javamelody 1.46
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.002
Percentile
65.1%
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header.
Affected configurations
Node
emeric_vernatjavamelodyRange≤1.46
ORemeric_vernatjavamelodyMatch1.6
ORemeric_vernatjavamelodyMatch1.7
ORemeric_vernatjavamelodyMatch1.8
ORemeric_vernatjavamelodyMatch1.9
ORemeric_vernatjavamelodyMatch1.10
ORemeric_vernatjavamelodyMatch1.11
ORemeric_vernatjavamelodyMatch1.12
ORemeric_vernatjavamelodyMatch1.13
ORemeric_vernatjavamelodyMatch1.14
ORemeric_vernatjavamelodyMatch1.15
ORemeric_vernatjavamelodyMatch1.16
ORemeric_vernatjavamelodyMatch1.17
ORemeric_vernatjavamelodyMatch1.18
ORemeric_vernatjavamelodyMatch1.19
ORemeric_vernatjavamelodyMatch1.20
ORemeric_vernatjavamelodyMatch1.21
ORemeric_vernatjavamelodyMatch1.22
ORemeric_vernatjavamelodyMatch1.23
ORemeric_vernatjavamelodyMatch1.24
ORemeric_vernatjavamelodyMatch1.25
ORemeric_vernatjavamelodyMatch1.26
ORemeric_vernatjavamelodyMatch1.27
ORemeric_vernatjavamelodyMatch1.28
ORemeric_vernatjavamelodyMatch1.29
ORemeric_vernatjavamelodyMatch1.30
ORemeric_vernatjavamelodyMatch1.31
ORemeric_vernatjavamelodyMatch1.32
ORemeric_vernatjavamelodyMatch1.32.1
ORemeric_vernatjavamelodyMatch1.33
ORemeric_vernatjavamelodyMatch1.34
ORemeric_vernatjavamelodyMatch1.35
ORemeric_vernatjavamelodyMatch1.36
ORemeric_vernatjavamelodyMatch1.37
ORemeric_vernatjavamelodyMatch1.38
ORemeric_vernatjavamelodyMatch1.39
ORemeric_vernatjavamelodyMatch1.40
ORemeric_vernatjavamelodyMatch1.41
ORemeric_vernatjavamelodyMatch1.42
ORemeric_vernatjavamelodyMatch1.43
ORemeric_vernatjavamelodyMatch1.44
ORemeric_vernatjavamelodyMatch1.45
| Vendor | Product | Version | CPE |
|---|---|---|---|
| emeric_vernat | javamelody | * | cpe:2.3:a:emeric_vernat:javamelody:*:*:*:*:*:*:*:* |
| emeric_vernat | javamelody | 1.6 | cpe:2.3:a:emeric_vernat:javamelody:1.6:*:*:*:*:*:*:* |
| emeric_vernat | javamelody | 1.7 | cpe:2.3:a:emeric_vernat:javamelody:1.7:*:*:*:*:*:*:* |
| emeric_vernat | javamelody | 1.8 | cpe:2.3:a:emeric_vernat:javamelody:1.8:*:*:*:*:*:*:* |
| emeric_vernat | javamelody | 1.9 | cpe:2.3:a:emeric_vernat:javamelody:1.9:*:*:*:*:*:*:* |
| emeric_vernat | javamelody | 1.10 | cpe:2.3:a:emeric_vernat:javamelody:1.10:*:*:*:*:*:*:* |
| emeric_vernat | javamelody | 1.11 | cpe:2.3:a:emeric_vernat:javamelody:1.11:*:*:*:*:*:*:* |
| emeric_vernat | javamelody | 1.12 | cpe:2.3:a:emeric_vernat:javamelody:1.12:*:*:*:*:*:*:* |
| emeric_vernat | javamelody | 1.13 | cpe:2.3:a:emeric_vernat:javamelody:1.13:*:*:*:*:*:*:* |
| emeric_vernat | javamelody | 1.14 | cpe:2.3:a:emeric_vernat:javamelody:1.14:*:*:*:*:*:*:* |
Related
osv
osv
Improper Neutralization of Input During Web Page Generation in JavaMelody
2022-05-17 05:02:46
prion
prion
Cross site scripting
2013-09-30 22:55:00
nvd
nvd
CVE-2013-4378
2013-09-30 22:55:02
cvelist
cvelist
CVE-2013-4378
2013-09-30 16:00:00
github
github
Improper Neutralization of Input During Web Page Generation in JavaMelody
2022-05-17 05:02:46
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.002
Percentile
65.1%
Related for CVE-2013-4378