3541 matches found
GHSA-62G9-99M7-W8WV Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console
In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-Site Scripting attacks through the Administration Console...
CVE-2024-9408
In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints...
CVE-2024-10031
In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system...
CVE-2024-9343
In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console...
CVE-2024-9342
In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts...
CVE-2024-10032
In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console...
CVE-2024-10029
In Eclipse GlassFish version 7.0.15 it is possible to perform Reflected Cross-site scripting attacks in the Administration Console...
CVE-2024-9408
Eclipse GlassFish 6.2.5 and later is affected by an SSRF vulnerability in specific endpoints due to insufficient validation of user-supplied URLs. The issue allows the server to initiate arbitrary network requests to internal or external resources. Public sources (including NVD, Red Hat, Veracode...
CVE-2024-10032
CVE-2024-10032 affects Eclipse GlassFish 7.0.15, enabling Stored XSS attacks via the Administration Console. The issue targets the console-administration UI (org.glassfish.main.admingui:console-cluster-plugin) and is described across multiple sources (NVD/Red Hat/OSV/GHSA). The connected data con...