Summary
GlassFish Enterprise Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.
GlassFish Enterprise Server 2.1 is vulnerable; other versions may also be affected.
Solution
Updates are available. Please see https://glassfish.dev.java.net/ and/or http://www.sun.com/software/products/appsrvr/index.xml for more information.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-1553
- CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)