Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2008-5266

Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.

  • Published: Nov 28, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-5266
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
sun / java_system_application_server 9.1_01-b09d-fcs 9.1_01-b09d-fcs.x
sun / java_system_application_server 9.1_02-b04-fcs 9.1_02-b04-fcs.x
oracle / glassfish_server 2.0 2.0.x