Jolokia Agent - JNDI Code Injection

Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode. id: CVE-2018-1000130 info: name: Jolokia Agent - JNDI Code Injection author: milo2012 severity: high description: | Jolokia agent i...

GHSA-HFPG-GQJW-779M Cross-site Scripting in Jolokia agent

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

Cross-site Scripting in Jolokia agent

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

GHSA-RHQJ-4PP8-VVGF Injection in Jolokia agent

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

Injection in Jolokia agent

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

CVE-2018-1000129

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

Cross site scripting

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

Design/Logic Flaw

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

CVE-2018-1000129

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

CVE-2018-1000129

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

CVE-2018-1000129

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

CVE-2018-1000129

CVE-2018-1000129 affects Jolokia 1.3.7, where the HTTP servlet is vulnerable to cross-site scripting (XSS). An attacker can cause the browser to execute arbitrary JavaScript, potentially hijacking sessions or accessing sensitive data. The issue is documented across multiple sources (NVD and secur...