CVE-2021-3314

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.1%
top 67.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Glassfish Server
Timeline
PublishedJun 25
Latest updateMay 24

Description

Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. NOTE: This vulnerability only affects products that are no longer supported by th

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-8gpf-3qr7-v8gh: ** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 32022-05-24
CVEList
CVE-2021-3314: Oracle GlassFish Server 32021-06-25
CVE-2021-3314 (MEDIUM CVSS 6.1) | Oracle GlassFish Server 3.1.2.18 an | cvebase.io