Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console
In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-Site Scripting attacks through the Administration Console.
Advisories for Maven/Org.glassfish.main.admingui/Console-Common package
2025
Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system.
Eclipse GlassFish is vulnerable to Server Side Request Forgery attacks through specific endpoints
In Eclipse GlassFish version 6.2.5, it is possible to perform a Server Side Request Forgery attack using specific endpoints.
Eclipse GlassFish is vulnerable to Reflected XSS attacks through its Administration Console
In Eclipse GlassFish version 7.0.15, it is possible to perform Reflected Cross-Site Scripting attacks through the Administration Console.
Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts
In Eclipse GlassFish version 7.0.16 or earlier, it is possible to perform login brute force attacks as there is no limitation on the number of failed login attempts.