Skip to main content

Javamelody

3 CVEs product

Monthly

CVE-2018-15531 Maven CRITICAL PATCH Act Now

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Javamelody
NVD GitHub
CVSS 3.0
9.8
EPSS
27.9%
CVE-2018-12432 Maven MEDIUM POC PATCH This Month

JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Javamelody
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2013-4378 Maven MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Java XSS Javamelody
NVD
CVSS 2.0
4.3
EPSS
0.5%
EPSS 28% CVSS 9.8
CRITICAL PATCH Act Now

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Javamelody
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Javamelody
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Java XSS Javamelody
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy