CVE-2013-6235 com.jamonapi:jamon

Package

Manager: maven
Name: com.jamonapi:jamon
Vulnerable Version: >=0 <2.80

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00395 (percentile: 0.59577)

Details

Improper Neutralization of Input During Web Page Generation in JAMon

Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java Application Monitor) 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listenertype or (2) currentlistener parameter to mondetail.jsp or ArraySQL parameter to (3) mondetail.jsp, (4) jamonadmin.jsp, (5) sql.jsp, or (6) exceptions.jsp.

Metadata

Created: 2022-05-14T02:54:05Z
Modified: 2022-07-07T23:25:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qpr7-5m63-hq2c/GHSA-qpr7-5m63-hq2c.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-qpr7-5m63-hq2c
Finding: F008
Auto approve: 1