Reflected Cross-Site Scripting Vulnerability in Eclipse GlassFish Administration Console
CVE-2024-10029

4.5MEDIUM

Key Information:

Vendor

Eclipse Foundation

Status
Eclipse Glassfish
Vendor
CVE Published:
16 July 2025

What is CVE-2024-10029?

A vulnerability in the Administration Console of Eclipse GlassFish version 7.0.15 allows attackers to execute reflected cross-site scripting attacks. This could enable malicious users to inject scripts into the console, potentially compromising the security of the application by manipulating trusted content displayed to users.

Affected Version(s)

Eclipse Glassfish 7.0.15

References

https://gitlab.eclipse.org/security/cve-assignement/-/iss...

CVSS V4

Score:
4.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

redTeamTIM
.
CVE-2024-10029 : Reflected Cross-Site Scripting Vulnerability in Eclipse GlassFish Administration Console