CVE-2008-5266

Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
sunjava_system_application_server
9.1_01:_01
sunjava_system_application_server
9.1_02:_02
oracleglassfish_server
2.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glassfish
cosmic
dne
bionic
ignored
artful
ignored
zesty
ignored
yakkety
ignored
xenial
ignored
wily
ignored
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
gutsy
ignored
dapper
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/30604
http://securityreason.com/securityalert/4659
http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application/
http://www.securityfocus.com/archive/1/493243/100/0/threaded
http://www.securityfocus.com/bid/29646
https://exchange.xforce.ibmcloud.com/vulnerabilities/47029
http://secunia.com/advisories/30604
http://securityreason.com/securityalert/4659
http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application/
http://www.securityfocus.com/archive/1/493243/100/0/threaded
http://www.securityfocus.com/bid/29646
https://exchange.xforce.ibmcloud.com/vulnerabilities/47029