Vulnerability Database

296,468

Total vulnerabilities in the database

CVE-2016-1000273

JavaMelody is a monitoring tool for JavaEE applications. Versions prior to 1.61.0 are vulnerable to a cross-site scripting (XSS) attack. This issue was patched in version 1.61.0, and users are recommended to upgrade to the latest version. There are no known workarounds.

Published: Jul 20, 2022
Updated: Apr 14, 2023
CVE: CVE-2016-1000273
GHSA: GHSA-cqhr-jqvc-qw9p
Severity: Critical
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
net.bull.javamelody / javamelody-core	-	1.61.0

https://github.com/javamelody/javamelody/commit/e0497c1980acebd257d3da78dfde29ae9bdffdf6
https://github.com/javamelody/javamelody/wiki/ReleaseNotes#1620

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo