7 matches found
CVE-2025-14340
Cross-site scripting in REST Management Interface in Payara Server 4.1.2.191.54, 5.83.0, 6.34.0, 7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in getContent in ActionReportResultHtmlProvider.java, which is accessible via the REST Management Interface. An attacker can cause an administrator to change the admin password by convincing them to follow a...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in getContent in ActionReportResultHtmlProvider.java, which is accessible via the REST Management Interface. An attacker can cause an administrator to change the admin password by convincing them to follow a...
CVE-2025-14340 Admin Account Takeover via malicious URL payload
Cross-site scripting in REST Management Interface in Payara Server 4.1.2.191.54, 5.83.0, 6.34.0, 7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload...
CVE-2025-14340 Admin Account Takeover via malicious URL payload
Cross-site scripting in REST Management Interface in Payara Server 4.1.2.191.54, 5.83.0, 6.34.0, 7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload...
EUVD-2024-48253
Malicious code in bioql PyPI...
CVE-2024-7312
A flaw was found in the Payara Server REST Management Interface modules. This vulnerability allows session hijacking via URL redirection to an untrusted site. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...