Description

Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.

Remediation

References

CVE-2008-5266

Related Vulnerabilities

WordPress Plugin WordPress Payments-GetPaid Cross-Site Scripting (2.3.3)

Zenphoto Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-0993)

WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Information Disclosure (2.1.3)

Drupal Core 7.x Cross-Site Request Forgery (7.0 - 7.71)

WordPress Plugin WooCommerce Cross-Site Scripting (3.5.4)

Severity

Medium

Classification

CVE-2008-5266 CWE-707

Tags

Missing Update Known Vulnerabilities