CVE-2025-1534 MEDIUM

CVE-2025-1534: Cross-site Scripting (Stored)

Vendor Payara Platform
Product Payara Server
Published April 1, 2025
Last update April 7, 2025

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/R:U

What the vulnerability does

01Description

CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2.

Key dates

02Disclosure timeline

April 1, 2025 CVE published
April 7, 2025 Record updated