CVE-2013-4378

{"id": "CVE-2013-4378", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-09-30T22:55:02.993", "references": [{"url": "http://osvdb.org/97778", "source": "secalert@redhat.com"}, {"url": "http://seclists.org/oss-sec/2013/q3/679", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/62679", "source": "secalert@redhat.com"}, {"url": "https://code.google.com/p/javamelody/issues/detail?id=346", "source": "secalert@redhat.com"}, {"url": "https://code.google.com/p/javamelody/source/detail?r=3515", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://code.google.com/p/javamelody/wiki/ReleaseNotes", "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header."}, {"lang": "es", "value": "Vulnerabilidad cross-site scripting (XSS) en HtmlSessionInformationsReport.java en JavaMelody 1.46 y anteriores permite a atacantes remotos inyectar script web o HTML a trav\u00e9s de cabeceras X-Forwarded-For manipuladas."}], "lastModified": "2013-10-10T16:52:26.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emeric_vernat:javamelody:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4B39228-333A-40AE-B865-C32F9597BDB5", "versionEndIncluding": "1.46"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36302228-745C-4C4B-9A52-05B30873D5E3"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FF15B50-9E3E-425A-81CD-1D694388475C"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD2BF11D-C9D3-445B-86BB-3D921DC57A1D"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E1D36BB-0839-479F-A7E2-8920D6A5FB2A"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C73D00E9-E743-43AA-ADA0-63E96D05EA4D"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73EB6AC9-B237-49E7-9904-EDBCEA0F0E7E"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26E95D4B-EC23-44FC-9967-0E5B1022B4BB"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7133D05-E63D-4C78-8F26-EB23B10B289B"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FE52779-BD9B-40DC-B4C1-B7F58C7F43CD"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1FCF465-2776-48E3-A493-853C753990E9"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47B90DD3-5381-48FE-B8D1-F1F79BF23FFC"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FCE2577-78D9-41AA-9B8B-3D073AC946E0"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7AA7ED8-AEFA-4231-8933-42A720622941"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "511EFD32-3966-47F5-A403-FDFF7C3AF8FC"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "192C52D1-B54D-443F-856B-BD8B20FEAE63"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E73C95F-1B18-4984-8A90-7EF2889AD435"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27B89B64-03D8-44BA-9B71-DADDF7602898"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84AB9614-C5A0-40E3-97AB-58C6FAEC8E32"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E905DAC-6B07-4B9E-B979-3213248A8500"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD28BF76-CDBD-4709-8F6E-67D17AE0B8E0"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A671C79-3B44-4426-9F8F-4563CB092716"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A64FE8C9-7368-4B3C-BC8E-41FFC385FDAA"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9709C21B-EA40-4792-AAB6-5BB2A219C83D"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B94101B1-EE8E-4EF4-B572-F4D3BA73ECA9"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24C08E3D-53C4-447E-B752-1BC09D958157"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0FF74EB-1CE9-4A8E-866F-5BBFEC8A629D"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FB7FBDF-9743-4C1D-85BC-53C7B38F3307"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.32.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B27871B5-8DEA-4BD2-B6EA-B17C0A04E16C"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3B2538C-1FB3-4AFE-80BE-186A7CD946C8"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B75CC0E7-8175-436E-9E00-55AFFA191F8B"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8F31AEC-8B14-4A5D-A707-3BFA8095A646"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95B66589-DDB3-4F62-BE6C-DEFD6E6ACD2E"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "021872FB-23DD-448A-B477-B574BFB0F42D"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C67C111-61AE-402B-A33C-B407A9F38BA2"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1743177D-B54B-4966-96C0-5F1443652F44"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F0FBEAB-B086-4034-817B-EFC2C24DC1F3"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAB16672-40F0-4892-8142-70CF9AB4AA5F"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9728FB1B-B5B2-49F6-A1D1-8CED3C914F70"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.43:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A467F13-FECF-478D-B0D1-EB9438BB7FA2"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.44:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED807C3A-D00B-402E-BFA0-F1305575A3B3"}, {"criteria": "cpe:2.3:a:emeric_vernat:javamelody:1.45:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FEC71B6-91A7-4783-9F23-E49CA386A140"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}