Stored Cross-Site Scripting Vulnerability in Eclipse GlassFish Administration Console
CVE-2024-10032
6.1 MEDIUM
What is CVE-2024-10032?
Eclipse GlassFish version 7.0.15 contains a vulnerability that allows attackers to execute stored cross-site scripting (XSS) attacks via the Administration Console. This flaw can lead to unauthorized access and manipulation of sensitive data by injecting malicious scripts, potentially compromising the security of the server and its users. It's crucial for administrators to apply necessary patches or mitigations to safeguard against potential exploits.
Affected Version(s)
Eclipse GlassFish 7.0.15
References
CVSS V4
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Marco Ventura
Claudia Bartolini
Andrea Carlo Maria Dattola
Debora Esposito
Massimiliano Brolli