Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java Application Monitor) 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listenertype or (2) currentlistener parameter to mondetail.jsp or ArraySQL parameter to (3) mondetail.jsp, (4) jamonadmin.jsp, (5) sql.jsp, or (6) exceptions.jsp.
CPE | Name | Operator | Version |
---|---|---|---|
com.jamonapi:jamon | lt | 2.80 |
osvdb.org/102570
osvdb.org/102571
osvdb.org/102572
osvdb.org/102573
packetstormsecurity.com/files/124933
seclists.org/fulldisclosure/2014/Jan/164
www.securityfocus.com/archive/1/530877/100/0/threaded
exchange.xforce.ibmcloud.com/vulnerabilities/90699
github.com/advisories/GHSA-qpr7-5m63-hq2c
nvd.nist.gov/vuln/detail/CVE-2013-6235