5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
console-common is vulnerable to cross-site scripting (XSS) attacks. They are possible because it does not perform HTML escaping properly.
lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html
lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html
marc.info/?l=bugtraq&m=134496371727681&w=2
rhn.redhat.com/errata/RHSA-2012-0734.html
rhn.redhat.com/errata/RHSA-2013-1455.html
rhn.redhat.com/errata/RHSA-2013-1456.html
www.mandriva.com/security/advisories?name=MDVSA-2013:150
www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
www.securityfocus.com/bid/53136
www.securitytracker.com/id?1026941
github.com/payara/Payara/commit/536f63f9a169313ae171415ad689667eedbb3f7c
github.com/payara/Payara/commit/ce67192bbd825c3c140c202e9935b268c90c3e46
java.net/projects/glassfish/lists/commits/archive/2011-12/message/604
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16707