What the vulnerability does
01Description
In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Administration Console.
CVSS base score
4.5/10
CVSS vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
Key dates
02Disclosure timeline
July 16, 2025
CVE published
July 16, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-5468 Slick Contact Forms <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2025-57954 WordPress Poll Maker Plugin <= 6.0.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2021-31832 Cross site scripting vulnerability in DLP Endpoint for Windows
CVE-2024-39863 Apache Airflow: Potential XSS Vulnerability
CVE-2024-47333 WordPress Loops & Logic plugin <= 4.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
