{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-09-30T16:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20130926 Re: CVE request: Javamelody blind XSS through X-Forwarded-For header", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2013/q3/679"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/javamelody/source/detail?r=3515"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/javamelody/wiki/ReleaseNotes"}, {"name": "62679", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/62679"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/javamelody/issues/detail?id=346"}, {"name": "97778", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/97778"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4378", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20130926 Re: CVE request: Javamelody blind XSS through X-Forwarded-For header", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2013/q3/679"}, {"name": "https://code.google.com/p/javamelody/source/detail?r=3515", "refsource": "CONFIRM", "url": "https://code.google.com/p/javamelody/source/detail?r=3515"}, {"name": "https://code.google.com/p/javamelody/wiki/ReleaseNotes", "refsource": "CONFIRM", "url": "https://code.google.com/p/javamelody/wiki/ReleaseNotes"}, {"name": "62679", "refsource": "BID", "url": "http://www.securityfocus.com/bid/62679"}, {"name": "https://code.google.com/p/javamelody/issues/detail?id=346", "refsource": "CONFIRM", "url": "https://code.google.com/p/javamelody/issues/detail?id=346"}, {"name": "97778", "refsource": "OSVDB", "url": "http://osvdb.org/97778"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:38:02.031Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20130926 Re: CVE request: Javamelody blind XSS through X-Forwarded-For header", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2013/q3/679"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/javamelody/source/detail?r=3515"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/javamelody/wiki/ReleaseNotes"}, {"name": "62679", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/62679"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/javamelody/issues/detail?id=346"}, {"name": "97778", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/97778"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4378", "datePublished": "2013-09-30T16:00:00Z", "dateReserved": "2013-06-12T00:00:00Z", "dateUpdated": "2024-09-17T00:51:25.336Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emeric_vernat:javamelody:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4B39228-333A-40AE-B865-C32F9597BDB5", "versionEndIncluding": "1.46", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "36302228-745C-4C4B-9A52-05B30873D5E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "8FF15B50-9E3E-425A-81CD-1D694388475C", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "BD2BF11D-C9D3-445B-86BB-3D921DC57A1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "8E1D36BB-0839-479F-A7E2-8920D6A5FB2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "C73D00E9-E743-43AA-ADA0-63E96D05EA4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "73EB6AC9-B237-49E7-9904-EDBCEA0F0E7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.12:*:*:*:*:*:*:*", "matchCriteriaId": "26E95D4B-EC23-44FC-9967-0E5B1022B4BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.13:*:*:*:*:*:*:*", "matchCriteriaId": "B7133D05-E63D-4C78-8F26-EB23B10B289B", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "4FE52779-BD9B-40DC-B4C1-B7F58C7F43CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.15:*:*:*:*:*:*:*", "matchCriteriaId": "D1FCF465-2776-48E3-A493-853C753990E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.16:*:*:*:*:*:*:*", "matchCriteriaId": "47B90DD3-5381-48FE-B8D1-F1F79BF23FFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.17:*:*:*:*:*:*:*", "matchCriteriaId": "4FCE2577-78D9-41AA-9B8B-3D073AC946E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.18:*:*:*:*:*:*:*", "matchCriteriaId": "D7AA7ED8-AEFA-4231-8933-42A720622941", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.19:*:*:*:*:*:*:*", "matchCriteriaId": "511EFD32-3966-47F5-A403-FDFF7C3AF8FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "192C52D1-B54D-443F-856B-BD8B20FEAE63", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "1E73C95F-1B18-4984-8A90-7EF2889AD435", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.22:*:*:*:*:*:*:*", "matchCriteriaId": "27B89B64-03D8-44BA-9B71-DADDF7602898", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.23:*:*:*:*:*:*:*", "matchCriteriaId": "84AB9614-C5A0-40E3-97AB-58C6FAEC8E32", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.24:*:*:*:*:*:*:*", "matchCriteriaId": "7E905DAC-6B07-4B9E-B979-3213248A8500", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.25:*:*:*:*:*:*:*", "matchCriteriaId": "AD28BF76-CDBD-4709-8F6E-67D17AE0B8E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.26:*:*:*:*:*:*:*", "matchCriteriaId": "9A671C79-3B44-4426-9F8F-4563CB092716", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.27:*:*:*:*:*:*:*", "matchCriteriaId": "A64FE8C9-7368-4B3C-BC8E-41FFC385FDAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.28:*:*:*:*:*:*:*", "matchCriteriaId": "9709C21B-EA40-4792-AAB6-5BB2A219C83D", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.29:*:*:*:*:*:*:*", "matchCriteriaId": "B94101B1-EE8E-4EF4-B572-F4D3BA73ECA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.30:*:*:*:*:*:*:*", "matchCriteriaId": "24C08E3D-53C4-447E-B752-1BC09D958157", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.31:*:*:*:*:*:*:*", "matchCriteriaId": "F0FF74EB-1CE9-4A8E-866F-5BBFEC8A629D", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.32:*:*:*:*:*:*:*", "matchCriteriaId": "5FB7FBDF-9743-4C1D-85BC-53C7B38F3307", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.32.1:*:*:*:*:*:*:*", "matchCriteriaId": "B27871B5-8DEA-4BD2-B6EA-B17C0A04E16C", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.33:*:*:*:*:*:*:*", "matchCriteriaId": "E3B2538C-1FB3-4AFE-80BE-186A7CD946C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.34:*:*:*:*:*:*:*", "matchCriteriaId": "B75CC0E7-8175-436E-9E00-55AFFA191F8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.35:*:*:*:*:*:*:*", "matchCriteriaId": "F8F31AEC-8B14-4A5D-A707-3BFA8095A646", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.36:*:*:*:*:*:*:*", "matchCriteriaId": "95B66589-DDB3-4F62-BE6C-DEFD6E6ACD2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.37:*:*:*:*:*:*:*", "matchCriteriaId": "021872FB-23DD-448A-B477-B574BFB0F42D", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.38:*:*:*:*:*:*:*", "matchCriteriaId": "4C67C111-61AE-402B-A33C-B407A9F38BA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.39:*:*:*:*:*:*:*", "matchCriteriaId": "1743177D-B54B-4966-96C0-5F1443652F44", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.40:*:*:*:*:*:*:*", "matchCriteriaId": "2F0FBEAB-B086-4034-817B-EFC2C24DC1F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "EAB16672-40F0-4892-8142-70CF9AB4AA5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "9728FB1B-B5B2-49F6-A1D1-8CED3C914F70", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.43:*:*:*:*:*:*:*", "matchCriteriaId": "3A467F13-FECF-478D-B0D1-EB9438BB7FA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "ED807C3A-D00B-402E-BFA0-F1305575A3B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.45:*:*:*:*:*:*:*", "matchCriteriaId": "5FEC71B6-91A7-4783-9F23-E49CA386A140", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header."}, {"lang": "es", "value": "Vulnerabilidad cross-site scripting (XSS) en HtmlSessionInformationsReport.java en JavaMelody 1.46 y anteriores permite a atacantes remotos inyectar script web o HTML a trav\u00e9s de cabeceras X-Forwarded-For manipuladas."}], "id": "CVE-2013-4378", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-09-30T22:55:02.993", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/97778"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://seclists.org/oss-sec/2013/q3/679"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/62679"}, {"source": "secalert@redhat.com", "url": "https://code.google.com/p/javamelody/issues/detail?id=346"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://code.google.com/p/javamelody/source/detail?r=3515"}, {"source": "secalert@redhat.com", "url": "https://code.google.com/p/javamelody/wiki/ReleaseNotes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/97778"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://seclists.org/oss-sec/2013/q3/679"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/62679"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.google.com/p/javamelody/issues/detail?id=346"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://code.google.com/p/javamelody/source/detail?r=3515"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.google.com/p/javamelody/wiki/ReleaseNotes"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}