An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS12cXJtLTgzZzYtcGZ2NM4ABKND

Severity: Moderate | CVSS: 4.5 | EPSS: 0.00027% (0.05602 percentile)

Eclipse GlassFish is vulnerable to Reflected XSS attacks through its Administration Console

Affected Packages

maven:org.glassfish.main.admingui:console-cluster-plugin
  Affected versions: <= 7.0.25
  Fixed versions: No known fixed version
  3 dependent packages, 4 dependent repositories
  Affected version ranges: all affected versions
  5.1.0, 6.0.0, 6.1.0, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.0.25

maven:org.glassfish.main.admingui:console-common
  Affected versions: <= 7.0.25
  Fixed versions: No known fixed version
  12 dependent packages, 10 dependent repositories
  Affected version ranges: all affected versions
  5.1.0, 6.0.0, 6.1.0, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.0.25
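The practical question this table raises is whether a build pulls in either admingui artifact at a version within the listed range. The script below is an added example for that check; it is not part of the advisory, of this service, or of GlassFish. It reads `mvn dependency:list` output (the sample output embedded here is constructed), compares versions numerically rather than as strings (a plain string comparison puts 7.0.9 above 7.0.25), and flags the two coordinates at or below 7.0.25. The version ordering is a simplified approximation of Maven's rules, and 7.0.26-SNAPSHOT is a hypothetical version used only to show the edge of the listed range; since the advisory lists no known fixed version, a version above the bound is outside the listed range, not known to be fixed.

```python
"""Flag Maven dependencies that fall inside the advisory's affected range.

Added illustration, not part of the advisory or of GlassFish. The sample
`mvn dependency:list` output below is constructed, and the version ordering
is a simplified approximation of Maven's comparison rules (an assumption)."""
import re

# Coordinates and upper bound as listed in the advisory table.
AFFECTED_ARTIFACTS = {
    "org.glassfish.main.admingui:console-cluster-plugin",
    "org.glassfish.main.admingui:console-common",
}
LAST_AFFECTED = "7.0.25"  # "<= 7.0.25"; the advisory lists no known fixed version

_NUM = re.compile(r"\d+")


def version_key(version):
    """Sort key approximating Maven ordering (simplified, an assumption here):
    dotted numeric segments compared numerically, padded so 7.0 == 7.0.0, and a
    qualifier such as -SNAPSHOT or -RC1 sorting before the bare release."""
    main, _, qualifier = version.partition("-")
    nums = tuple(int(n) for n in _NUM.findall(main))
    nums += (0,) * (4 - len(nums))
    return (nums, 0 if qualifier else 1, qualifier.upper())


def is_affected(coordinate, version):
    """True when groupId:artifactId is in the advisory and version <= 7.0.25."""
    return (coordinate in AFFECTED_ARTIFACTS
            and version_key(version) <= version_key(LAST_AFFECTED))


_DEP_LINE = re.compile(r"^\[INFO\]\s+(\S+)\s*$")


def parse_dependency_line(line):
    """Parse one `mvn dependency:list` entry into (coordinate, version).

    Entries look like groupId:artifactId:type[:classifier]:version:scope;
    any other [INFO] line (banners, blank separators) yields None."""
    m = _DEP_LINE.match(line)
    if not m:
        return None
    parts = m.group(1).split(":")
    if len(parts) == 5:
        group, artifact, _type, version, _scope = parts
    elif len(parts) == 6:
        group, artifact, _type, _classifier, version, _scope = parts
    else:
        return None
    return f"{group}:{artifact}", version


def find_affected(output):
    """Return [(coordinate, version), ...] for every resolved dependency in range."""
    hits = []
    for line in output.splitlines():
        parsed = parse_dependency_line(line)
        if parsed and is_affected(*parsed):
            hits.append(parsed)
    return hits


# Constructed sample output. 7.0.9 is a listed affected version that a plain
# string comparison would wrongly place above 7.0.25; 7.0.26-SNAPSHOT is a
# hypothetical version used only to show the edge of the listed range.
SAMPLE_OUTPUT = """\
[INFO] --- maven-dependency-plugin:3.6.0:list (default-cli) @ my-admin-extension ---
[INFO]
[INFO] The following files have been resolved:
[INFO]    org.glassfish.main.admingui:console-common:jar:7.0.9:compile
[INFO]    org.glassfish.main.admingui:console-cluster-plugin:jar:7.0.26-SNAPSHOT:compile
[INFO]    jakarta.servlet:jakarta.servlet-api:jar:6.0.0:provided
[INFO]
[INFO] BUILD SUCCESS
"""

if __name__ == "__main__":
    for coordinate, version in find_affected(SAMPLE_OUTPUT):
        print(f"AFFECTED {coordinate} {version} (<= {LAST_AFFECTED}, no known fix)")
```

Run it against real output with `mvn dependency:list | python3 check_glassfish_admingui.py` after replacing `SAMPLE_OUTPUT` with `sys.stdin.read()`; the two coordinates and the bound are the only advisory-specific inputs, so the same matcher serves other Maven advisories once those are swapped.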

In Eclipse GlassFish version 7.0.15, it is possible to perform Reflected Cross-Site Scripting attacks through the Administration Console.

References: