net.bull.javamelody:javamelody-core@1.58.0 vulnerabilities
-
latest version
2.1.0
-
latest non vulnerable version
-
first published
14 years ago
-
latest version published
2 months ago
-
licenses detected
- [1.50.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the net.bull.javamelody:javamelody-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
net.bull.javamelody:javamelody-core is a JavaEE application monitoring module. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? Upgrade |
[,1.61.0)
|
net.bull.javamelody:javamelody-core is monitoring of JavaEE applications. Affected versions of this package are vulnerable to WML External Entity (XXE) injection via the How to fix XML External Entity (XXE) Injection? Upgrade |
[1.48.0,1.74.0)
|
Affected versions of this package are vulnerable to do not limit the number of login attempts allowing attackers to use brute force algorithms to login. |
[1.53.0,1.60.0)
|
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. There was no escaping of |
[1.36.0,1.60.0)
|
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. It allows remote attackers to inject arbitrary web script or HTML via a crafted http parameters. |
[1.36.0,1.62.0)
|
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. Alert messages in |
[1.36.0,1.61.0)
|