Metric | Value |
---|---|
AI Score | 5.8 Medium (Confidence: High) |
CVSS2 | 4.3 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
EPSS | 0.017 Low (Percentile: 87.8%) |

Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf.
CPE | Name | Operator | Version |
---|---|---|---|
oracle:glassfish_server | oracle glassfish server | eq | 2.1 |
dsecrg.com/pages/vul/show.php?id=134
jvn.jp/en/jp/JVN73653977/index.html
jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html
osvdb.org/54249
osvdb.org/54250
osvdb.org/54251
osvdb.org/54252
osvdb.org/54253
osvdb.org/54254
osvdb.org/54255
osvdb.org/54256
osvdb.org/54257
sunsolve.sun.com/search/document.do?assetkey=1-26-258528-1
www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html
www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html
www.securityfocus.com/archive/1/503236/100/0/threaded
www.securityfocus.com/bid/34824
www.securityfocus.com/bid/34914
www.vupen.com/english/advisories/2009/1255
exchange.xforce.ibmcloud.com/vulnerabilities/50453
glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29668
glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29669
glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29675