CVE-2008-2751

🗓️ 18 Jun 2008 19:29:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 58 Views🌐 WEB

Multiple XSS vulnerabilities in Glassfish webadmin interface in Sun Java System Application Server 9.1_0

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2008-2751	16 Jun 200800:00	–	circl
Cvelist	CVE-2008-2751	18 Jun 200819:29	–	cvelist
EUVD	EUVD-2008-2744	7 Oct 202500:30	–	euvd
NVD	CVE-2008-2751	18 Jun 200819:41	–	nvd
OSV	UBUNTU-CVE-2008-2751	18 Jun 200819:41	–	osv
Prion	Cross site scripting	18 Jun 200819:41	–	prion
Prion	Cross site scripting	28 Nov 200819:00	–	prion
UbuntuCve	CVE-2008-2751	18 Jun 200819:41	–	ubuntucve
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2008-2751	19 Aug 202500:00	–	nessus

NVD

Node

oracle glassfish_serverMatch1.0

oracle glassfish_serverMatch1.0ur1

oracle glassfish_serverMatch1.0ur1_po1

oracle glassfish_serverMatch2.0

oracle glassfish_serverMatch2.1

oracle glassfish_serverMatch2.1.1

oracle glassfish_serverMatch3.0

oracle glassfish_serverMatch3.0.1

sun java_system_application_serverMatch9.1_01

Source	Link
securityreason	www.securityreason.com/securityalert/3949
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/42989
securityfocus	www.securityfocus.com/bid/29751
securityfocus	www.securityfocus.com/archive/1/493370/100/0/threaded

Parameter	Position	Path	Description	CWE
propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew	request body	resourceNode/customResourceNew.jsf	Cross-site scripting via form fields to customResourceNew.jsf in Glassfish webadmin	CWE-79
propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType	request body	resourceNode/customResourceNew.jsf	Cross-site scripting via form fields to customResourceNew.jsf in Glassfish webadmin	CWE-79
propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass	request body	resourceNode/customResourceNew.jsf	Cross-site scripting via form fields to customResourceNew.jsf in Glassfish webadmin	CWE-79
propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc	request body	resourceNode/customResourceNew.jsf	Cross-site scripting via form fields to customResourceNew.jsf in Glassfish webadmin	CWE-79
propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew	request body	resourceNode/externalResourceNew.jsf	Cross-site scripting via externalResourceNew.jsf in Glassfish webadmin	CWE-79
propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType	request body	resourceNode/externalResourceNew.jsf	Cross-site scripting via externalResourceNew.jsf in Glassfish webadmin	CWE-79
propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass	request body	resourceNode/externalResourceNew.jsf	Cross-site scripting via externalResourceNew.jsf in Glassfish webadmin	CWE-79
propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiLookupProp:jndiLookup	request body	resourceNode/externalResourceNew.jsf	Cross-site scripting via externalResourceNew.jsf in Glassfish webadmin	CWE-79
propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc	request body	resourceNode/externalResourceNew.jsf	Cross-site scripting via externalResourceNew.jsf in Glassfish webadmin	CWE-79
propertyForm:propertySheet:propertSectionTextField:jndiProp:Jndi	request body	resourceNode/jmsDestinationNew.jsf	XSS in jmsDestinationNew.jsf via form fields	CWE-79

23 Apr 2026 00:35Current

5.7Medium risk

Vulners AI Score5.7

CVSS 24.3

EPSS0.00651

CWE-79