CVE-2024-10031
Published 2025-07-16
CVE-2024-10031: In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating…
Priority: P4 · 24 · medium · 5.4 · CVSS 3.1
Vector: AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.16% (5.7th percentile)
In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-site Scripting
attacks by modifying the configuration file in the underlying operating system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eclipse | glassfish | — | — |
| eclipse_foundation | eclipse_glassfish | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 5.8 | MEDIUM | CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications
ghsa·2025-07-16
CVE-2024-10031 [MEDIUM] CWE-79 Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications
In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system.
OSV
Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications
osv·2025-07-16
CVE-2024-10031 [MEDIUM] Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications
In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-07-16
Published