CVE-2009-1553

Oracle Glassfish Server - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf.

Exploits (8)

exploitdb WORKING POC VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32974
exploitdb WORKING POC VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32980
exploitdb WORKING POC VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32981
exploitdb WORKING POC VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32975
exploitdb WORKING POC VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32977
exploitdb WORKING POC VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32979
exploitdb WORKING POC VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32971
exploitdb WORKING POC VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32978

References (23)

... and 3 more

Scores

EPSS 0.0183
EPSS Percentile 82.7%

Classification

CWE
CWE-79
Status draft

Affected Products (1)

oracle/glassfish_server

Timeline

Published May 06, 2009
Tracked Since Feb 18, 2026