CVE-2009-1553

{"id": "CVE-2009-1553", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-05-06T16:30:00.517", "references": [{"url": "http://dsecrg.com/pages/vul/show.php?id=134", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "http://jvn.jp/en/jp/JVN73653977/index.html", "source": "[email protected]"}, {"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html", "source": "[email protected]"}, {"url": "http://osvdb.org/54249", "source": "[email protected]"}, {"url": "http://osvdb.org/54250", "source": "[email protected]"}, {"url": "http://osvdb.org/54251", "source": "[email protected]"}, {"url": "http://osvdb.org/54252", "source": "[email protected]"}, {"url": "http://osvdb.org/54253", "source": "[email protected]"}, {"url": "http://osvdb.org/54254", "source": "[email protected]"}, {"url": "http://osvdb.org/54255", "source": "[email protected]"}, {"url": "http://osvdb.org/54256", "source": "[email protected]"}, {"url": "http://osvdb.org/54257", "source": "[email protected]"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258528-1", "source": "[email protected]"}, {"url": "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html", "source": "[email protected]"}, {"url": "http://www.securityfocus.com/archive/1/503236/100/0/threaded", "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/34824", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/34914", "source": "[email protected]"}, {"url": "http://www.vupen.com/english/advisories/2009/1255", "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50453", "source": "[email protected]"}, {"url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29668", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29669", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29675", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://dsecrg.com/pages/vul/show.php?id=134", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://jvn.jp/en/jp/JVN73653977/index.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/54249", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/54250", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/54251", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/54252", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/54253", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/54254", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/54255", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/54256", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/54257", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258528-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/503236/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/34824", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/34914", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/1255", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50453", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29668", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29669", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29675", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Admin Console en Sun GlassFish Enterprise Server v2.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de una consulta a (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, o (6) webService/webServicesGeneral.jsf; o del par\u00e1metro \"name\" a (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:glassfish_server:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBDD6781-CF9E-4ED3-861F-99217EE0711C"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}