org.glassfish.main.admingui:console-common 8.0.0-JDK17-M12 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.glassfish.main.admingui:console-common package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `Administration Console`. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious input that is later rendered without proper sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for `org.glassfish.main.admingui:console-common`.	[0,)
H Server-side Request Forgery (SSRF) Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via specific endpoints. An attacker can make the system initiate arbitrary network requests to internal or external resources by sending crafted requests to these endpoints. How to fix Server-side Request Forgery (SSRF)? There is no fixed version for `org.glassfish.main.admingui:console-common`.	[0,)
M Brute Force Affected versions of this package are vulnerable to Brute Force via the `login` process. An attacker can gain unauthorized access or disrupt service by repeatedly attempting authentication without restriction. How to fix Brute Force? There is no fixed version for `org.glassfish.main.admingui:console-common`.	[0,)
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `Administration Console`. An attacker can execute arbitrary scripts in the context of a user's browser by tricking the user into visiting a crafted URL. How to fix Cross-site Scripting (XSS)? There is no fixed version for `org.glassfish.main.admingui:console-common`.	[0,)
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via modifications to the configuration file in the underlying operating system. An attacker can execute arbitrary scripts in the context of the affected application by injecting malicious content into the configuration file. How to fix Cross-site Scripting (XSS)? There is no fixed version for `org.glassfish.main.admingui:console-common`.	[0,)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Administration Console. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious input that is later rendered without proper sanitization.

How to fix Cross-site Scripting (XSS)?