Description

Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf.

Remediation

References

CVE-2009-1553

Related Vulnerabilities

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.153.3)

Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-5190)

WordPress Plugin Gallery by BestWebSoft Cross-Site Scripting (4.2.1)

MySQL CVE-2019-2803 Vulnerability (CVE-2019-2803)

WordPress Plugin Easy Team Manager SQL Injection (1.3.2)

Severity

Medium

Classification

CVE-2009-1553 CWE-707

Tags

Missing Update Known Vulnerabilities