Description
Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.
Remediation
References
Related Vulnerabilities
Ruby Improper Authentication Vulnerability (CVE-2009-0642)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6635)
Liferay DXP Incorrect Default Permissions Vulnerability (CVE-2021-33334)
WordPress Plugin Blunt GA Cross-Site Scripting (4.0.0)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5866)