Description
JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.
Remediation
References
https://github.com/Hurdano/JavaMelody-XSS/wiki/Attack-Vector---JavaMelody
Related Vulnerabilities
CVE-2023-33510 Vulnerability in maven package org.jeecgframework.p3:jeecg-p3-biz-chat
CVE-2022-29256 Vulnerability in npm package sharp
CVE-2022-35204 Vulnerability in npm package vite
CVE-2017-16108 Vulnerability in npm package gaoxiaotingtingting
CVE-2023-22491 Vulnerability in npm package gatsby-transformer-remark