CVE-2018-12432by Jeremyin Security Bulletinson Posted on June 15, 2018 JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.