XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )

2008-06-10 / 2008-06-11
Credit: Eduardo Jorge
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

============================== XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) ) ============================== Author: Eduardo Neves a.k.a _eth0_ Date: 10 june 2008 Site: http://webappsecurity.wordpress.com ============================== APPLICATION : Glassfish webadmin interface VERSION : Sun Java System Application Server 9.1_01 (build b09d-fcs) VENDOR : http://www.sun.com DOWNLOAD : https://glassfish.dev.java.net/ ============================== IMPACT: XSS, XSRF, etc. Severity: Low (or not?) ============================== Descrition: This vulnerability was found in Edit HTTP Listener section in Glassfish web admin interface. This is a vulnerable URL: http://[HOSTNAME]:4848/configuration/httpListenerEdit.jsf?name=<script>alert(document.cookie);</script>&configName=server-config <pre>-- |_|0|_| Serrano Neves - a.k.a eth0|_|_|0| http://webappsecurity.wordpress.com|0|0|0| "Talk is cheap. Show me the code." - Linus Torvalds</pre>

References:

http://seclists.org/bugtraq/2008/Jun/0087.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top