CVE-2011-2260

Oracle Sun Products Suite 2.1.1 - Info Disclosure


Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-2260. PoCs published by Sense of Security.

AI-analyzed exploit summary: This advisory describes a stored and reflected XSS vulnerability in Oracle Sun GlassFish Enterprise Server. The stored XSS is triggered by injecting malicious scripts into the username field, which execute when an administrator views the log. The reflected XSS is triggered by manipulating the windowTitle or helpFile parameters in a specific URL.

Description

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration.

Exploits (1)

exploitdb WRITEUP
by Sense of Security · text · webapps · jsp
https://www.exploit-db.com/exploits/17551

Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Oracle Sun GlassFish Enterprise Server 2.1.1 (v2.1 Patch06)(9.1_02 Patch12) (build b31g-fcs)
No auth needed
Prerequisites: Access to the login page or specific URL parameters
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-201A.html

Scores

EPSS 0.0329
EPSS Percentile 86.9%

Details

Status published
Products (1)
oracle/sun_products_suite 2.1.1
Published Jul 20, 2011
Tracked Since Feb 18, 2026