Oracle GlassFish Server Cross-Site Scripting Vulnerability

Summary
The host is running GlassFish Server and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application
Solution
Apply the security updates. http://www.oracle.com/technetwork/topics/security/whatsnew/index.html
Insight
The flaw is due to error in the handling of log viewer, which fails to securely output encode logged values. An unauthenticated attacker can trigger the application to log a malicious string by entering the values into the username field.
Affected
Oracle GlassFish Server version 2.1.1
References