Description

Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java Application Monitor) 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listenertype or (2) currentlistener parameter to mondetail.jsp or ArraySQL parameter to (3) mondetail.jsp, (4) jamonadmin.jsp, (5) sql.jsp, or (6) exceptions.jsp.

Remediation

References

http://osvdb.org/102570

http://osvdb.org/102571

http://osvdb.org/102572

http://osvdb.org/102573

http://packetstormsecurity.com/files/124933

http://seclists.org/fulldisclosure/2014/Jan/164

http://www.securityfocus.com/archive/1/530877/100/0/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/90699

Related Vulnerabilities

CVE-2017-16132 Vulnerability in npm package simple-npm-registry

CVE-2020-7696 Vulnerability in npm package react-native-fast-image

CVE-2023-28155 Vulnerability in maven package org.webjars.bower:request

CVE-2011-4367 Vulnerability in maven package org.apache.myfaces.core:myfaces-core-project

CVE-2010-1244 Vulnerability in maven package org.apache.activemq:activemq-web

Severity

Critical

Classification

CWE-79

Tags

Exploit