Multiple XSS Vulnerabilities in Sun Java System Application Server 9.1_01
CVE-2008-2751
Currently unrated
Summary
The Sun Java System Application Server 9.1_01 contains multiple cross-site scripting (XSS) vulnerabilities in its Glassfish web administrative interface. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML content through specific parameters, potentially compromising the integrity and confidentiality of the application. Exploitation can occur via several input fields, enabling attackers to execute malicious scripts in the context of the user's session, which could lead to unauthorized actions and data leakage.
References
Timeline
Vulnerability published
Vulnerability Reserved