JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.