Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console
In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-Site Scripting attacks through the Administration Console.
Advisories for Maven/Org.glassfish.main.admingui/Console-Cluster-Plugin package
2025
Eclipse GlassFish is vulnerable to Reflected XSS attacks through its Administration Console
In Eclipse GlassFish version 7.0.15, it is possible to perform Reflected Cross-Site Scripting attacks through the Administration Console.