{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1553", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20090505 [DSECRG-09-034] Sun Glassfish Enterprise Server - Multiple Linked XSS vulnerabilies", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/503236/100/0/threaded" }, { "name": "258528", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258528-1" }, { "name": "[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities", "refsource": "MLIST", "url": "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html" }, { "name": "54254", "refsource": "OSVDB", "url": "http://osvdb.org/54254" }, { "name": "[cvs] 20090322 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/docroot/configuration/", "refsource": "MLIST", "url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29675" }, { "name": "54256", "refsource": "OSVDB", "url": "http://osvdb.org/54256" }, { "name": "[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities", "refsource": "MLIST", "url": "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html" }, { "name": "54250", "refsource": "OSVDB", "url": "http://osvdb.org/54250" }, { "name": "54253", "refsource": "OSVDB", "url": "http://osvdb.org/54253" }, { "name": "54257", "refsource": "OSVDB", "url": "http://osvdb.org/54257" }, { "name": "[cvs] 20090320 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/docroot/", "refsource": "MLIST", "url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29669" }, { "name": "glassfish-jsa-admininterface-xss(50453)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50453" }, { "name": "JVNDB-2009-000027", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html" }, { "name": "ADV-2009-1255", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1255" }, { "name": "[cvs] 20090320 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/java/com/sun/enterprise/tools/admingui/handlers/CommonHandlers.java", "refsource": "MLIST", "url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29668" }, { "name": "54252", "refsource": "OSVDB", "url": "http://osvdb.org/54252" }, { "name": "54255", "refsource": "OSVDB", "url": "http://osvdb.org/54255" }, { "name": "http://dsecrg.com/pages/vul/show.php?id=134", "refsource": "MISC", "url": "http://dsecrg.com/pages/vul/show.php?id=134" }, { "name": "54249", "refsource": "OSVDB", "url": "http://osvdb.org/54249" }, { "name": "JVN#73653977", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN73653977/index.html" }, { "name": "54251", "refsource": "OSVDB", "url": "http://osvdb.org/54251" }, { "name": "34824", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34824" }, { "name": "34914", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34914" } ] } }