CVE-2009-1553

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29669", "name": "[cvs] 20090320 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/docroot/", "tags": ["Patch", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html", "name": "[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities", "tags": [], "refsource": "MLIST"}, {"url": "http://www.securityfocus.com/bid/34824", "name": "34824", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://dsecrg.com/pages/vul/show.php?id=134", "name": "http://dsecrg.com/pages/vul/show.php?id=134", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29668", "name": "[cvs] 20090320 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/java/com/sun/enterprise/tools/admingui/handlers/CommonHandlers.java", "tags": ["Patch", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html", "name": "[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities", "tags": ["Exploit"], "refsource": "MLIST"}, {"url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29675", "name": "[cvs] 20090322 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/docroot/configuration/", "tags": ["Patch", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "http://osvdb.org/54255", "name": "54255", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/54250", "name": "54250", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/54249", "name": "54249", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/54256", "name": "54256", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/54254", "name": "54254", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2009/1255", "name": "ADV-2009-1255", "tags": [], "refsource": "VUPEN"}, {"url": "http://osvdb.org/54257", "name": "54257", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/54251", "name": "54251", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/54253", "name": "54253", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/54252", "name": "54252", "tags": [], "refsource": "OSVDB"}, {"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html", "name": "JVNDB-2009-000027", "tags": [], "refsource": "JVNDB"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258528-1", "name": "258528", "tags": [], "refsource": "SUNALERT"}, {"url": "http://www.securityfocus.com/bid/34914", "name": "34914", "tags": [], "refsource": "BID"}, {"url": "http://jvn.jp/en/jp/JVN73653977/index.html", "name": "JVN#73653977", "tags": [], "refsource": "JVN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50453", "name": "glassfish-jsa-admininterface-xss(50453)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/503236/100/0/threaded", "name": "20090505 [DSECRG-09-034] Sun Glassfish Enterprise Server - Multiple Linked XSS vulnerabilies", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-1553", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2009-05-06T16:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:glassfish_server:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-10T19:37Z"}