18 matches found
EUVD-2022-4676
Malicious code in bioql PyPI...
Java Melody vulnerable to cross-site scripting
JavaMelody is a monitoring tool for JavaEE applications. Versions prior to 1.61.0 are vulnerable to a cross-site scripting (XSS) attack. This issue was patched in version 1.61.0, and users are recommended to upgrade to the latest version. There are no known workarounds...
GHSA-CQHR-JQVC-QW9P Java Melody vulnerable to cross-site scripting
JavaMelody is a monitoring tool for JavaEE applications. Versions prior to 1.61.0 are vulnerable to a cross-site scripting (XSS) attack. This issue was patched in version 1.61.0, and users are recommended to upgrade to the latest version. There are no known workarounds...
Improper Neutralization of Input During Web Page Generation in JavaMelody
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header...
GHSA-P4MX-P49M-8RW4 Improper Neutralization of Input During Web Page Generation in JavaMelody
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header...
Cross-site Scripting in JavaMelody
JavaMelody through 1.60.0 has XSS via the counter parameter in a clearcounter action to the /monitoring URI...
GHSA-G66Q-GRXC-64J3 Cross-site Scripting in JavaMelody
JavaMelody through 1.60.0 has XSS via the counter parameter in a clearcounter action to the /monitoring URI...
JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...
GHSA-6FVX-R7HX-3VH6 JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...
Code injection
JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...
CVE-2018-15531
JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...
CVE-2018-15531
CVE-2018-15531 affects JavaMelody up to version 1.74.0, where parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java is vulnerable to XML External Entity (XXE) processing. The XXE flaw can enable an attacker to trigger external entity resolution, which may lead to exposure of sensi...
Design/Logic Flaw
JavaMelody through 1.60.0 has XSS via the counter parameter in a clearcounter action to the /monitoring URI...
CVE-2018-12432
JavaMelody through 1.60.0 has XSS via the counter parameter in a clearcounter action to the /monitoring URI...
CVE-2018-12432
JavaMelody through 1.60.0 has XSS via the counter parameter in a clearcounter action to the /monitoring URI...
CVE-2018-12432
JavaMelody up to version 1.60.0 is vulnerable to XSS via the counter parameter in the clear_counter action at the /monitoring URI. The root cause is unsanitized input in the counter parameter, enabling attacker-controlled script injection. Documented affected component: javamelody-core (JavaMelod...
CVE-2013-4378
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header...
CVE-2013-4378
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header...