CVE-2009-1553

EPSS 8.2%

Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf.

Affected products

n/a · n/a

public PoCs found — 8

exploitdbwww.exploit-db.com/exploits/32980unverified exploitdbwww.exploit-db.com/exploits/32981unverified exploitdbwww.exploit-db.com/exploits/32971unverified exploitdbwww.exploit-db.com/exploits/32974unverified exploitdbwww.exploit-db.com/exploits/32975unverified exploitdbwww.exploit-db.com/exploits/32977unverified exploitdbwww.exploit-db.com/exploits/32978unverified exploitdbwww.exploit-db.com/exploits/32979unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://dsecrg.com/pages/vul/show.php?id=134 http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html http://jvn.jp/en/jp/JVN73653977/index.html http://osvdb.org/54249 http://osvdb.org/54250 http://osvdb.org/54251 http://osvdb.org/54252 http://osvdb.org/54253 http://osvdb.org/54254 http://osvdb.org/54255 http://osvdb.org/54256 http://osvdb.org/54257