GitHub Advisory Database: GHSA-P4MX-P49M-8RW4
May 17, 2022 - 5:02 a.m.

Improper Neutralization of Input During Web Page Generation in JavaMelody

2022-05-17 05:02:46
CWE-79
GitHub Advisory Database
github.com
cross-site scripting
javamelody
html
vulnerability
web script
x-forwarded-for
remote attackers

CVSS2: 4.3

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.002
Percentile: 65.1%

Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header.

Affected configurations

Vulners
Node: net.bull.javamelody javamelody-core, Range < 1.47.0

Vendor: net.bull.javamelody
Product: javamelody-core
Version: *
CPE: cpe:2.3:a:net.bull.javamelody:javamelody-core:*:*:*:*:*:*:*:*
