Javamelody · Javamelody · CVE-2013-4378
**Name of the Vulnerable Software and Affected Versions**
JavaMelody versions 1.46 and earlier
**Description**
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a crafted `X-Forwarded-For` header.
**Recommendations**
For JavaMelody versions 1.46 and earlier, update to a version later than 1.46 to resolve the issue.