EPSS
Percentile
38.0%
javamelody-core is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization in the counter parameter when performing the clear_counter action through the /monitoring URI, causing XSS attacks.
counter
clear_counter
/monitoring
github.com/Hurdano/JavaMelody-XSS/
github.com/javamelody/javamelody/commit/ea6caa49a0bece5b29f7dd327e59269c9007a96c