VYPR

Maven package

net.bull.javamelody/javamelody-core

pkg:maven/net.bull.javamelody/javamelody-core

Vulnerabilities (4)

  • CVE-2016-1000273 cri Jul 20, 2022
    affected < 1.61.0, fixed 1.61.0

    JavaMelody is a monitoring tool for JavaEE applications. Versions prior to 1.61.0 are vulnerable to a cross-site scripting (XSS) attack. This issue was patched in version 1.61.0, and users are recommended to upgrade to the latest version. There are no known workarounds.

  • CVE-2018-15531 Sep 26, 2018
    affected < 1.74.0, fixed 1.74.0

    JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.

  • CVE-2018-12432 Jun 14, 2018
    affected < 1.61.0, fixed 1.61.0

    JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.

  • CVE-2013-4378 Sep 30, 2013
    affected < 1.47.0, fixed 1.47.0

    Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header.