Description
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf.
Exploits (8)
exploitdb
WORKING POC
VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32979
exploitdb
WORKING POC
VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32978
exploitdb
WORKING POC
VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32977
exploitdb
WORKING POC
VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32975
exploitdb
WORKING POC
VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32974
exploitdb
WORKING POC
VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32971
exploitdb
WORKING POC
VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32981
exploitdb
WORKING POC
VERIFIED
by DSecRG · textremotemultiple
https://www.exploit-db.com/exploits/32980
References (23)
Core 23
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503236/100/0/threaded
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258528-1
Exploit mailing-list
x_refsource_mlist
http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/54254
Patch, Vendor Advisory mailing-list
x_refsource_mlist
https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29675
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/54256
Various Sources mailing-list
x_refsource_mlist
http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/54250
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/54253
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/54257
Patch, Vendor Advisory mailing-list
x_refsource_mlist
https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29669
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50453
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1255
Patch, Vendor Advisory mailing-list
x_refsource_mlist
https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29668
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/54252
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/54255
Exploit x_refsource_misc
http://dsecrg.com/pages/vul/show.php?id=134
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/54249
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN73653977/index.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/54251
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34824
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34914
Scores
EPSS
0.0183
EPSS Percentile
83.0%
Details
CWE
CWE-79
Status
published
Products (1)
oracle/glassfish_server
2.1
Published
May 06, 2009
Tracked Since
Feb 18, 2026