MidnightBSD

Advisories for javamelody_project

CVE-2018-12432 MEDIUM

JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
javamelody_project javamelody *
CVE-2018-15531 HIGH

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
javamelody_project javamelody *