CVE-2013-4378
JavaMelody < 1.46 - Cross-Site Scripting via X-Forwarded-For Header
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2013-4378. PoCs published by epicosy, theratpack.
AI-analyzed exploit summary
The repository contains a proof-of-concept exploit for CVE-2013-4378, targeting JavaMelody's monitoring tool. The exploit leverages an action execution mechanism to perform unauthorized operations such as garbage collection, heap dumps, and session invalidation.
Description
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header.
Exploits (2)
The repository contains a proof-of-concept exploit for CVE-2013-4378, targeting JavaMelody's monitoring tool. The exploit leverages an action execution mechanism to perform unauthorized operations such as garbage collection, heap dumps, and session invalidation.
The repository contains a README referencing CVE-2013-4378 and a basic JavaScript file for a Grails sample app using the JavaMelody plugin. No exploit code or PoC is present.