Description
JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.
Remediation
References
https://github.com/Hurdano/JavaMelody-XSS/wiki/Attack-Vector---JavaMelody