GlassFish Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2009-1553

Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf (2) configuration/configuration.jsf (3) customMBeans/customMBeans.jsf (4) resourceNode/resources.jsf (5) sysnet/registration.jsf or (6) webService/webServicesGeneral.jsf or the name parameter to (7) configuration/auditModuleEdit.jsf (8) configuration/httpListenerEdit.jsf or (9) resourceNode/jdbcResourceEdit.jsf.