GlassFish Enterprise Server 2.1 - Admin Console '/configuration/auditModuleEdit.jsf?name' Cross-Site Scripting

2009-05-05T00:00:00

Description

{"id": "EDB-ID:32980", "vendorId": null, "type": "exploitdb", "bulletinFamily": "exploit", "title": "GlassFish Enterprise Server 2.1 - Admin Console '/configuration/auditModuleEdit.jsf?name' Cross-Site Scripting", "description": "", "published": "2009-05-05T00:00:00", "modified": "2009-05-05T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.exploit-db.com/exploits/32980", "reporter": "DSecRG", "references": [], "cvelist": ["2009-1553"], "immutableFields": [], "lastseen": "2022-08-16T08:29:29", "viewCount": 7, "enchantments": {"dependencies": {}, "score": {"value": -0.0, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.0}, "_state": {"dependencies": 1661190352, "score": 1661184847, "epss": 1678800746}, "_internal": {"score_hash": "48412482dfbe33f74ba3c7cd0ab53e78"}, "sourceHref": "https://www.exploit-db.com/download/32980", "sourceData": "source: https://www.securityfocus.com/bid/34824/info\r\n \r\nGlassFish Enterprise Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.\r\n \r\nAttacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.\r\n \r\nGlassFish Enterprise Server 2.1 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/configuration/auditModuleEdit.jsf?name=<IMG SRC=javascript:alert('DSecRG_XSS')>", "osvdbidlist": ["54255"], "exploitType": "remote", "verified": true}

GlassFish Enterprise Server 2.1 - Admin Console &#039;/configuration/auditModuleEdit.jsf?name&#039; Cross-Site Scripting

Description

GlassFish Enterprise Server 2.1 - Admin Console '/configuration/auditModuleEdit.jsf?name' Cross-Site Scripting