CVE-2016-1000273 — Java Melody vulnerable to cross-site scripting

Description

JavaMelody is a monitoring tool for JavaEE applications. Versions prior to 1.61.0 are vulnerable to a cross-site scripting (XSS) attack. This issue was patched in version 1.61.0, and users are recommended to upgrade to the latest version. There are no known workarounds.

How to fix CVE-2016-1000273

To remediate CVE-2016-1000273, upgrade the affected package to a fixed version below.

Maven/net.bull.javamelody:javamelody-core—upgrade to 1.61.0 or later

Is CVE-2016-1000273 being exploited?

No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2016-1000273.

Affected packages (1)

from 0, < 1.61.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (3)

PATCHgithub.com/javamelody/javamelody
WEBgithub.com/javamelody/javamelody/commit/e0497c1980acebd257d3da78dfde29ae9bdffdf6
WEBgithub.com/javamelody/javamelody/wiki/ReleaseNotes#1620