Multiple XSS Vulnerabilities in Sun Java System Application Server 9.1_01
CVE-2008-2751

Currently unrated

Key Information:

Vendor
Oracle
Status
Glassfish Server
Java System Application Server
Vendor
CVE Published:
18 June 2008

Summary

The Sun Java System Application Server 9.1_01 contains multiple cross-site scripting (XSS) vulnerabilities in its Glassfish web administrative interface. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML content through specific parameters, potentially compromising the integrity and confidentiality of the application. Exploitation can occur via several input fields, enabling attackers to execute malicious scripts in the context of the user's session, which could lead to unauthorized actions and data leakage.

References

http://www.securityfocus.com/archive/1/493370/100/0/threaded
mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/42989
vdb-entryx_refsource_XF
http://securityreason.com/securityalert/3949
third-party-advisoryx_refsource_SREASON

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.