Reflected Cross-Site Scripting in Oracle GlassFish Server
CVE-2021-3314

6.1MEDIUM

Key Information:

Vendor

Oracle
Status
Glassfish Server
Vendor
CVE Published:
25 June 2021

What is CVE-2021-3314?

Oracle GlassFish Server versions 3.1.2.18 and earlier are vulnerable to reflected cross-site scripting (XSS) attacks due to flaws in the handling of the log viewer page. An attacker can exploit this vulnerability by crafting a malicious URL that, when visited by an administrator, injects dangerous content. The content is reflected back and executed in the browser, potentially compromising user sessions and data. This vulnerability is notably significant as it affects products that are no longer maintained, emphasizing the importance of regular updates and security patches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.gruppotim.it/redteam
x_refsource_MISC
https://n4nj0.github.io/advisories/oracle-glassfish-refle...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.