CVE-2024-10031: Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications

July 16, 2025 (updated July 18, 2025)

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system.

References

github.com/advisories/GHSA-hp97-5x6g-q538
github.com/eclipse-ee4j/glassfish
gitlab.eclipse.org/security/cve-assignement/-/issues/41
gitlab.eclipse.org/security/vulnerability-reports/-/issues/229
nvd.nist.gov/vuln/detail/CVE-2024-10031

Code Behaviors & Features

Detect and mitigate CVE-2024-10031 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →