CVE-2024-9343

Description

In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-Site Scripting attacks through the Administration Console.

Affected packages (1)

• Maven/org.glassfish.main.admingui:console-commonfrom 0, <= 7.0.25

CVSS scores

References (4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-9343
• PATCHhttps://github.com/eclipse-ee4j/glassfish
• WEBhttps://gitlab.eclipse.org/security/cve-assignement/-/issues/37
• WEBhttps://gitlab.eclipse.org/security/vulnerability-reports/-/issues/230