CVE-2024-10029
Published 2025-07-16
CVE-2024-10029: In Eclipse GlassFish version 7.0.15, it is possible to perform Reflected Cross-Site Scripting attacks in the Administration Console.
Priority P4 · 24 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.20% (9.7th percentile)
In Eclipse GlassFish version 7.0.15, it is possible to perform Reflected Cross-Site Scripting attacks in the Administration Console.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eclipse | glassfish | — | — |
| eclipse_foundation | eclipse_glassfish | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 4.5 | MEDIUM | CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
OSV
Eclipse GlassFish is vulnerable to Reflected XSS attacks through its Administration Console
osv·2025-07-16
CVE-2024-10029 [MEDIUM] Eclipse GlassFish is vulnerable to Reflected XSS attacks through its Administration Console
In Eclipse GlassFish version 7.0.15, it is possible to perform Reflected Cross-Site Scripting attacks through the Administration Console.
GHSA
Eclipse GlassFish is vulnerable to Reflected XSS attacks through its Administration Console
ghsa·2025-07-16
CVE-2024-10029 [MEDIUM] CWE-79 Eclipse GlassFish is vulnerable to Reflected XSS attacks through its Administration Console
In Eclipse GlassFish version 7.0.15, it is possible to perform Reflected Cross-Site Scripting attacks through the Administration Console.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-07-16