GHSA-p4mx-p49m-8rw4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-p4mx-p49m-8rw4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p4mx-p49m-8rw4/GHSA-p4mx-p49m-8rw4.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-p4mx-p49m-8rw4
- Aliases
-
- CVE-2013-4378
- Published
- 2022-05-17T05:02:46Z
- Modified
- 2024-12-03T05:32:47.180809Z
- Summary
- Improper Neutralization of Input During Web Page Generation in JavaMelody
- Details
-
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header.
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2022-07-07T23:27:25Z", "severity": "MODERATE", "nvd_published_at": "2013-09-30T22:55:00Z", "cwe_ids": [ "CWE-79" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-4378
- https://github.com/javamelody/javamelody/issues/346
- https://github.com/javamelody/javamelody/commit/aacbc46151ff4ac1ca34ce0899c2a6113071c66e
- https://code.google.com/p/javamelody/issues/detail?id=346
- https://code.google.com/p/javamelody/source/detail?r=3515
- https://code.google.com/p/javamelody/wiki/ReleaseNotes
- http://osvdb.org/97778
- http://seclists.org/oss-sec/2013/q3/679
Affected packages
Maven / net.bull.javamelody:javamelody-core
Package
- Name
- net.bull.javamelody:javamelody-core
- View open source insights on deps.dev
- Purl
- pkg:maven/net.bull.javamelody/javamelody-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.47.0
Affected versions
1.*
1.8.1
1.8.2
1.9.0
1.10.0
1.11.0
1.11.1
1.12.0
1.13.0
1.14.0
1.15.0
1.16.0
1.16.1
1.17.0
1.18.0
1.19.0
1.20.0
1.21.0
1.22.0
1.23.0
1.25.0
1.26.0
1.27.0
1.28.0
1.29.0
1.29.1
1.30.0
1.31.0
1.32.0
1.32.1
1.33.0
1.34.0
1.35.0
1.36.0
1.37.0
1.38.0
1.39.0
1.40.0
1.41.0
1.42.0
1.43.0
1.44.0
1.45.0
1.46.0