CVE-2024-10031 — Cross-site Scripting in Foundation Eclipse Glassfish

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

0.0%

top 89.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eclipse Foundation Eclipse Glassfish Eclipse Glassfish

Timeline

PublishedJul 16

Description

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:N

Affected Packages2 packages

▶NVDeclipse/glassfish7.0.15

▶CVEListV5eclipse_foundation/eclipse_glassfish7.0.15

🔴Vulnerability Details

CVEList

CVE-2024-10031: In Eclipse GlassFish version 7↗2025-07-16

▶

GHSA

Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications↗2025-07-16

▶

OSV

Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications↗2025-07-16

▶