Description
Cross-site scripting in the REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator into changing the admin password via a URL payload.
Problem types
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Product status
4.1.153.1 (custom)
5.20.0 (semver)
6.0.0 (semver)
7.2024.1.Alpha1 (semver)
6.2022.1 (semver)
5.2020.2 (semver)
5.181 (semver)
4.1.2.191.54 (custom)
5.83.0 (semver)
6.34.0 (semver)
7.2026.1 (semver)
Credits
Camilo G. AkA Dédalo [https://x.com/SeguridadBlanca] (DeepSecurity Perú - [https://www.deepsecurity.pe])
References
docs.payara.fish/...ise/docs/Security/Security Fix List.html