CVE-2013-4378 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 52%

Vendor	Product	Version
emeric_vernat	javamelody	𝑥 ≤ 1.46
emeric_vernat	javamelody	1.6
emeric_vernat	javamelody	1.7
emeric_vernat	javamelody	1.8
emeric_vernat	javamelody	1.9
emeric_vernat	javamelody	1.10
emeric_vernat	javamelody	1.11
emeric_vernat	javamelody	1.12
emeric_vernat	javamelody	1.13
emeric_vernat	javamelody	1.14
emeric_vernat	javamelody	1.15
emeric_vernat	javamelody	1.16
emeric_vernat	javamelody	1.17
emeric_vernat	javamelody	1.18
emeric_vernat	javamelody	1.19
emeric_vernat	javamelody	1.20
emeric_vernat	javamelody	1.21
emeric_vernat	javamelody	1.22
emeric_vernat	javamelody	1.23
emeric_vernat	javamelody	1.24
emeric_vernat	javamelody	1.25
emeric_vernat	javamelody	1.26
emeric_vernat	javamelody	1.27
emeric_vernat	javamelody	1.28
emeric_vernat	javamelody	1.29
emeric_vernat	javamelody	1.30
emeric_vernat	javamelody	1.31
emeric_vernat	javamelody	1.32
emeric_vernat	javamelody	1.32.1
emeric_vernat	javamelody	1.33
emeric_vernat	javamelody	1.34
emeric_vernat	javamelody	1.35
emeric_vernat	javamelody	1.36
emeric_vernat	javamelody	1.37
emeric_vernat	javamelody	1.38
emeric_vernat	javamelody	1.39
emeric_vernat	javamelody	1.40
emeric_vernat	javamelody	1.41
emeric_vernat	javamelody	1.42
emeric_vernat	javamelody	1.43
emeric_vernat	javamelody	1.44
emeric_vernat	javamelody	1.45

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://osvdb.org/97778

http://seclists.org/oss-sec/2013/q3/679

http://www.securityfocus.com/bid/62679

https://code.google.com/p/javamelody/issues/detail?id=346

https://code.google.com/p/javamelody/source/detail?r=3515

https://code.google.com/p/javamelody/wiki/ReleaseNotes

http://osvdb.org/97778

http://seclists.org/oss-sec/2013/q3/679

http://www.securityfocus.com/bid/62679

https://code.google.com/p/javamelody/issues/detail?id=346

https://code.google.com/p/javamelody/source/detail?r=3515

https://code.google.com/p/javamelody/wiki/ReleaseNotes