74 matches found
Payara Server - Cross-Site Scripting
Payara Server versions 4.1.2.191.54, 5.83.0, 6.34.0, and 7.2026.1 contain a stored XSS vulnerability caused by improper input sanitization in the REST Management Interface. This allows attackers to mislead administrators into changing the admin password via a URL payload; however, the exploit...
CVE-2026-12986
A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...
CVE-2026-12986
Technical details are not publicly available in the provided documents. Monitor for updates.
EUVD-2026-38793
A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...
CVE-2026-12986
A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...
📄 Payara Server Cross Site Scripting
Research details on exploitation for a cross site scripting vulnerability in Payara's administration REST interface. Versions below 4.1.2.191.54, 5.83.0, 6.34.0, and 7.2026.1 are affected. XSS to Admin account takeover CVE-2025-14340 A Cross-Site Scripting vulnerability in Payara’s Administration...
CVE-2025-14340
Cross-site scripting in REST Management Interface in Payara Server 4.1.2.191.54, 5.83.0, 6.34.0, 7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload...
CVE-2025-14340
Cross-site scripting in REST Management Interface in Payara Server 4.1.2.191.54, 5.83.0, 6.34.0, 7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload...
CVE-2025-14340
Payara Server stores a cross-site scripting (XSS) vulnerability in the REST Management Interface affecting versions <4.1.2.191.54, <5.83.0, <6.34.0, and
CVE-2025-14340 Admin Account Takeover via malicious URL payload
Cross-site scripting in REST Management Interface in Payara Server 4.1.2.191.54, 5.83.0, 6.34.0, 7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload...
CVE-2025-14340 Admin Account Takeover via malicious URL payload
Cross-site scripting in REST Management Interface in Payara Server 4.1.2.191.54, 5.83.0, 6.34.0, 7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload...
PT-2026-20388
Name of the Vulnerable Software and Affected Versions Payara Server versions prior to 4.1.2.191.54 Payara Server versions prior to 5.83.0 Payara Server versions prior to 6.34.0 Payara Server versions prior to 7.2026.1 Description A cross-site scripting issue exists in the REST Management Interfac...
Payara Server 安全漏洞
Payara Server is a cloud-native, innovative open-source middleware platform developed by Payara Ltd. In versions prior to 4.1.2.191.54, 5.83.0, 6.34.0, and 7.2026.1, there were security vulnerabilities. These vulnerabilities stemmed from cross-site scripting in the REST management interface, whic...
CVE-2025-1534
CVE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, fr...
EUVD-2023-1140
Malicious code in bioql PyPI...
EUVD-2023-46191
Malicious code in bioql PyPI...
EUVD-2024-48937
Malicious code in bioql PyPI...
EUVD-2024-41751
Malicious code in bioql PyPI...
EUVD-2025-9125
Malicious code in bioql PyPI...
EUVD-2024-48253
Malicious code in bioql PyPI...