Bug 499330 (CVE-2013-6235) - <dev-java/jamon-2.81: multiple reflected XSS vulnerabilities
Summary: <dev-java/jamon-2.81: multiple reflected XSS vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2013-6235
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-01-26 10:34 UTC by Agostino Sarubbo
Modified: 2016-04-03 23:36 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2014-01-26 10:34:43 UTC
From ${URL} :

Multiple non-persistent Cross-Site Scripting vulnerabilities have been identified [1] in the JAMon web application. JAMon contains a flaw that allows multiple reflected cross-site scripting (XSS) attacks. This flaw exists because certain pages do not validate input before returning it to users.

This issue is reported to affect version 2.7, and has not yet been fixed upstream.

[1] http://seclists.org/bugtraq/2014/Jan/92


@maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2016-03-29 07:37:24 UTC
Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java Application Monitor) 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listenertype or (2) currentlistener parameter to mondetail.jsp or ArraySQL parameter to (3) mondetail.jsp, (4) jamonadmin.jsp, (5) sql.jsp, or (6) exceptions.jsp.

2.8.1 is available upstream.
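The reflection pattern described in the advisory and in the CVE text above, as an added illustration that is not code from JAMon or from this bug report: a parameter is copied into the page's HTML unchanged, so a value carrying markup executes in the viewer's browser, while the same value is harmless once it is HTML-encoded for the attribute context it lands in. The `render_vulnerable` / `render_hardened` functions, the probe string and the `localhost` base URL are constructed for the example; only the page and parameter names come from the CVE description.

```python
import html
from urllib.parse import urlencode

# Probe a tester would send. Constructed for this example; it breaks out of a
# double-quoted attribute and injects a script element.
PROBE = '"><script>alert(1)</script>'

# Pages and parameters named in the CVE text (CVE-2013-6235).
ENDPOINTS = {
    "mondetail.jsp": ["listenertype", "currentlistener", "ArraySQL"],
    "jamonadmin.jsp": ["ArraySQL"],
    "sql.jsp": ["ArraySQL"],
    "exceptions.jsp": ["ArraySQL"],
}


def render_vulnerable(listenertype: str) -> str:
    """Hypothetical page that echoes a request parameter into an HTML
    attribute without encoding, the pattern the advisory describes.
    This is NOT JAMon's real mondetail.jsp markup."""
    return f'<input type="text" name="listenertype" value="{listenertype}">'


def render_hardened(listenertype: str) -> str:
    """Same page with attribute-context HTML encoding applied.
    quote=True also escapes the double quote, which is what keeps the
    value inside the attribute."""
    encoded = html.escape(listenertype, quote=True)
    return f'<input type="text" name="listenertype" value="{encoded}">'


def reflects_unencoded(body: str, probe: str) -> bool:
    """True if the probe appears verbatim in the response body. An encoded
    reflection (e.g. &lt;script&gt;) does not count as a finding."""
    return probe in body


def build_probe_url(base: str, page: str, param: str, payload: str) -> str:
    """URL a scanner would request; urlencode percent-encodes the payload."""
    return f"{base}/{page}?{urlencode({param: payload})}"


def probe_urls(base: str = "http://localhost:8080/jamon") -> list:
    """One probe URL per (page, parameter) pair from the CVE text.
    The base URL is an assumption for the example."""
    return [
        build_probe_url(base, page, param, PROBE)
        for page, params in ENDPOINTS.items()
        for param in params
    ]


def main() -> None:
    for name, render in (("vulnerable", render_vulnerable),
                         ("hardened", render_hardened)):
        body = render(PROBE)
        print(f"{name}: reflected unencoded = {reflects_unencoded(body, PROBE)}")
        print("   ", body)
    print("probe URLs to request against a test instance:")
    for url in probe_urls():
        print("   ", url)


if __name__ == "__main__":
    main()
```

Against a real test deployment, `reflects_unencoded` is applied to the body returned for each probe URL; the verbatim-match check is deliberately strict, so a page that reflects the value into a JavaScript string or URL context, where attribute encoding alone is not enough, needs a context-specific probe rather than this one.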
Comment 2 James Le Cuirot gentoo-dev 2016-03-29 22:07:00 UTC
Working on it.
Comment 3 James Le Cuirot gentoo-dev 2016-04-03 21:49:48 UTC
Now bumped to 2.81 and the old version has gone. I don't think we were affected by the vulnerability as we didn't install the war file before. We do now though.
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2016-04-03 23:36:53 UTC
@chewi, thanks for the bump and cleanup.