CVE-2013-6235 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java Application Monitor) 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listenertype or (2) currentlistener parameter to mondetail.jsp or ArraySQL parameter to (3) mondetail.jsp (4) jamonadmin.jsp (5) sql.jsp or (6) exceptions.jsp.

Reference

http://osvdb.org/102570 http://osvdb.org/102571 http://osvdb.org/102572 http://osvdb.org/102573 http://packetstormsecurity.com/files/124933 http://seclists.org/fulldisclosure/2014/Jan/164 http://www.securityfocus.com/archive/1/530877/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/90699