Eclipse: >> Glassfish >> 7.0.15 Security Vulnerabilities
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting
attacks by modifying the configuration file in the underlying operating system.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-16
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting
attacks in the Administration Console.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-16
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting
attacks in the Administration Console.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-07-16
In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting
attacks in the Administration Console.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-07-16
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-09-30