Description
JavaMelody through 1.60.0 has a cross-site scripting (XSS) vulnerability via the counter parameter in a clear_counter action to the /monitoring URI.
Remediation
References
https://github.com/Hurdano/JavaMelody-XSS/wiki/Attack-Vector---JavaMelody
Related Vulnerabilities
CVE-2020-8205 Vulnerability in npm package @uppy/companion
CVE-2020-7760 Vulnerability in maven package org.webjars.bower:codemirror
CVE-2020-7766 Vulnerability in maven package org.webjars.npm:json-ptr
CVE-2021-4264 Vulnerability in maven package org.webjars.bower:dustjs-linkedin
CVE-2022-31023 Vulnerability in maven package com.typesafe.play:play_2.13