Stored Cross-site Scripting Vulnerability in Eclipse GlassFish by Eclipse Foundation
CVE-2024-10031

5.8MEDIUM

Key Information:

Vendor: Eclipse Foundation
Status: Eclipse Glassfish
Vendor: CVE Published:; 16 July 2025

🔔 Create Eclipse Foundation Vulnerability Alert

What is CVE-2024-10031?

A vulnerability in Eclipse GlassFish version 7.0.15 allows an attacker to execute Stored Cross-site Scripting (XSS) attacks via manipulation of the configuration file on the underlying operating system. This exploitation can compromise the integrity of the application and put user data at risk.

Affected Version(s)

Eclipse Glassfish 7.0.15

References

https://gitlab.eclipse.org/security/cve-assignement/-/iss...

CVSS V4

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2025
Vulnerability Reserved
Oct 16, 2024

Credit

Marco Ventura

Claudia Bartolini

Andrea Carlo Maria Dattola

Debora Esposito

Massimiliano Brolli