CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Jun 2021 — Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. NOTE: This vulnerability only affects products that are no longer supported by the maintainer... • https://n4nj0.github.io/advisories/oracle-glassfish-reflected-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 52% • CPEs: 3 • EXPL: 2

30 Dec 2011 — Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. • https://packetstorm.news/files/id/180523 • CWE-20: Improper Input Validation

CVSS: 6.1 • EPSS: 3% • CPEs: 9 • EXPL: 4

06 May 2009 — Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF. • https://www.exploit-db.com/exploits/32987 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.2 • EPSS: 0% • CPEs: 9 • EXPL: 7

18 Jun 2008 — Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, or (4) propert... • https://www.exploit-db.com/exploits/31927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')