CVE-2024-10029: Eclipse GlassFish is vulnerable to Reflected XSS attacks through its Administration Console

July 16, 2025 (updated July 18, 2025)

In Eclipse GlassFish version 7.0.15, it is possible to perform Reflected Cross-Site Scripting attacks through the Administration Console.

References

github.com/advisories/GHSA-vqrm-83g6-pfv4
github.com/eclipse-ee4j/glassfish
gitlab.eclipse.org/security/cve-assignement/-/issues/40
gitlab.eclipse.org/security/vulnerability-reports/-/issues/226
nvd.nist.gov/vuln/detail/CVE-2024-10029

Code Behaviors & Features

Detect and mitigate CVE-2024-10029 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →