CVE-2024-9343: Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console

July 16, 2025 (updated July 18, 2025)

In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-Site Scripting attacks through the Administration Console.

References

github.com/advisories/GHSA-mqxx-c43h-jj9v
github.com/eclipse-ee4j/glassfish
gitlab.eclipse.org/security/cve-assignement/-/issues/37
gitlab.eclipse.org/security/vulnerability-reports/-/issues/230
nvd.nist.gov/vuln/detail/CVE-2024-9343

Code Behaviors & Features

Detect and mitigate CVE-2024-9343 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →