Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf.
References
Configurations
History
No history.
Information
Published : 2009-05-06 16:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-1553
Mitre link : CVE-2009-1553
CVE.ORG link : CVE-2009-1553
JSON object : View
Products Affected
oracle
- glassfish_server
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')