CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3314
https://notcve.org/view.php?id=CVE-2021-3314
25 Jun 2021 — Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. NOTE: This vulnerability only affects products that are no longer supported by the maintainer... • https://n4nj0.github.io/advisories/oracle-glassfish-reflected-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 52%CPEs: 3EXPL: 2CVE-2011-5035 – MyBulletinBoard (MyBB) 1.1.5 - 'CLIENT-IP' SQL Injection
https://notcve.org/view.php?id=CVE-2011-5035
30 Dec 2011 — Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. Oracle Glassfish 2.1.1, 3.0.1 y 3.1.1, tal como se utiliza en Communications Server 2.0, Sun... • https://packetstorm.news/files/id/180523 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 88%CPEs: 4EXPL: 2CVE-2011-0807 – Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0807
19 Apr 2011 — Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration. Vulnerabilidad no especificada en Oracle Sun GlassFish Enterprise Server v2.1, v2.1.1 y v3.0.1, y Sun Java System Application Server v9.1, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desc... • https://packetstorm.news/files/id/181110 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2010-4438
https://notcve.org/view.php?id=CVE-2010-4438
19 Jan 2011 — Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS). Vulnerabilidad no especificada en Oracle GlassFish v2.1, v2.1.1 y v3.0.1, y Java System Message Queue v4.1 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad, relacionado con Java Message Service (JMS). • http://osvdb.org/70572 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 11CVE-2009-1553 – GlassFish Enterprise Server 2.1 - Admin Console '/configuration/auditModuleEdit.jsf?name' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1553
06 May 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, ... • https://www.exploit-db.com/exploits/32980 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 3%CPEs: 9EXPL: 4CVE-2009-1554 – Woodstock 4.2 404 - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1554
06 May 2009 — Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en ThemeServlet.java in Sun Woodstock v4.2 usado en Sun GlassFish Enterprise Server y otros ... • https://www.exploit-db.com/exploits/32987 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 7CVE-2008-2751 – GlassFish Application Server - '/Applications/lifecycleModulesNew.jsf' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2751
18 Jun 2008 — Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, or (4) propert... • https://www.exploit-db.com/exploits/31927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •