Test ID:	1.3.6.1.4.1.25623.1.0.100191
Category:	Web Servers
Title:	GlassFish Enterprise Server <= 2.1 Multiple XSS Vulnerabilities
Summary:	GlassFish Enterprise Server is prone to multiple cross-site; scripting (XSS) vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Description:	Summary: GlassFish Enterprise Server is prone to multiple cross-site scripting (XSS) vulnerabilities because it fails to sufficiently sanitize user-supplied input. Vulnerability Impact: Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials. Affected Software/OS: GlassFish Enterprise Server version 2.1 and probably prior. Solution: Please see the references for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1553 BugTraq ID: 34824 http://www.securityfocus.com/bid/34824 BugTraq ID: 34914 http://www.securityfocus.com/bid/34914 Bugtraq: 20090505 [DSECRG-09-034] Sun Glassfish Enterprise Server - Multiple Linked XSS vulnerabilies (Google Search) http://www.securityfocus.com/archive/1/503236/100/0/threaded http://jvn.jp/en/jp/JVN73653977/index.html http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html http://dsecrg.com/pages/vul/show.php?id=134 https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29669 https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29668 https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29675 http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html http://osvdb.org/54249 http://osvdb.org/54250 http://osvdb.org/54251 http://osvdb.org/54252 http://osvdb.org/54253 http://osvdb.org/54254 http://osvdb.org/54255 http://osvdb.org/54256 http://osvdb.org/54257 http://sunsolve.sun.com/search/document.do?assetkey=1-26-258528-1 http://www.vupen.com/english/advisories/2009/1255 XForce ISS Database: glassfish-jsa-admininterface-xss(50453) https://exchange.xforce.ibmcloud.com/vulnerabilities/50453
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.