Description

Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf.

Remediation

References

CVE-2009-1553

Related Vulnerabilities

WordPress Plugin UserPro-Community and User Profile Cross-Site Scripting (4.9.23)

MySQL CVE-2014-0420 Vulnerability (CVE-2014-0420)

PHP Use After Free Vulnerability (CVE-2016-4473)

Apache HTTP Server Other Vulnerability (CVE-2006-4110)

WordPress Plugin Crisp Live Chat Cross-Site Request Forgery (0.31)

Severity

Medium

Classification

CVE-2009-1553 CWE-707

Tags

Missing Update Known Vulnerabilities