{"id":"CVE-2024-9343","details":"In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting\nattacks in the Administration Console.","aliases":["GHSA-mqxx-c43h-jj9v"],"modified":"2026-07-15T01:49:04.220777912Z","published":"2025-07-16T10:47:55.853Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"introduced":"7.0.15"},{"last_affected":"7.0.15"}],"source":"AFFECTED_FIELD"}],"cna_assigner":"eclipse","cwe_ids":["CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/9xxx/CVE-2024-9343.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/9xxx/CVE-2024-9343.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-9343"},{"type":"REPORT","url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/37"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse-ee4j/glassfish","events":[{"introduced":"6f2f4c26b0f825d36b45ef39f6f83ac6b56d438c"},{"last_affected":"6f2f4c26b0f825d36b45ef39f6f83ac6b56d438c"}],"database_specific":{"extracted_events":[{"introduced":"7.0.15"},{"last_affected":"7.0.15"}],"source":"CPE_STRING","cpe":"cpe:2.3:a:eclipse:glassfish:7.0.15:*:*:*:*:*:*:*"}}],"versions":["7.0.15"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9343.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:H/SI:L/SA:N"}]}