Cross-Site Scripting Vulnerability in GlassFish Web Admin Interface by Sun Microsystems
CVE-2008-5266

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Application Server; Glassfish Server
Vendor: CVE Published:; 28 November 2008

Summary

The GlassFish web administration interface, part of the Sun Java System Application Server, is susceptible to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web scripts or HTML. This occurs through manipulation of the 'name' parameter in the configuration/httpListenerEdit.jsf, providing a vector for potential exploitation that is distinct from other vulnerabilities. Organizations using the affected server builds must implement strategies to mitigate this risk to safeguard their systems against unauthorized access and malicious attacks.

References

http://securityreason.com/securityalert/4659

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/493243/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://webappsecurity.wordpress.com/2008/06/11/xss-glassf...

x_refsource_MISC

Timeline

Vulnerability published
Nov 28, 2008
Vulnerability Reserved
Nov 28, 2008