Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1553 — Cross-site Scripting in Oracle Glassfish Server

CWE-79 — Cross-site Scripting13 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

1.8%

top 17.05%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Glassfish Server

Timeline

PublishedMay 6

Latest updateMay 2

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListen…

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDoracle/glassfish_server2.1

Patches

Patch: glassfish.dev.java.net ↗Patch: glassfish.dev.java.net ↗Patch: glassfish.dev.java.net ↗

🔴Vulnerability Details

GHSA

GHSA-54q2-f3hp-xggh: Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2↗2022-05-02

▶

OSV

CVE-2009-1553: Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2↗2009-05-06

▶

CVEList

CVE-2009-1553: Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2↗2009-05-06

▶

💥Exploits & PoCs

Exploit-DB

GlassFish Enterprise Server 2.1 - Admin Console /customMBeans/customMBeans.jsf URI Cross-Site Scripting↗2009-05-05

▶

Exploit-DB

GlassFish Enterprise Server 2.1 - Admin Console /resourceNode/resources.jsf URI Cross-Site Scripting↗2009-05-05

▶

Exploit-DB

GlassFish Enterprise Server 2.1 - Admin Console '/resourceNode/jdbcResourceEdit.jsf?name' Cross-Site Scripting↗2009-05-05

▶

Exploit-DB

GlassFish Enterprise Server 2.1 - Admin Console /sysnet/registration.jsf URI Cross-Site Scripting↗2009-05-05

▶

Exploit-DB

GlassFish Enterprise Server 2.1 - Admin Console '/configuration/auditModuleEdit.jsf?name' Cross-Site Scripting↗2009-05-05

▶

💬Community

Bugzilla

clamav: security fixes in upstream 0.95.1 (CVE-2009-1371, CVE-2009-1372)↗2009-04-09

▶