{"id":"UBUNTU-CVE-2008-5266","details":"Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.","modified":"2025-08-01T04:49:06Z","published":"2008-11-28T19:00:00Z","withdrawn":"2025-08-01T19:34:09Z","upstream":["CVE-2008-5266"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2008-5266"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2008-5266"}],"affected":[{"package":{"name":"glassfish","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/glassfish@1:2.1.1-b31g+dfsg1-3?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:2.1.1-b31g+dfsg1-3"],"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2008/UBUNTU-CVE-2008-5266.json"}},{"package":{"name":"glassfish","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/glassfish@1:2.1.1-b31g+dfsg1-4?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:2.1.1-b31g+dfsg1-4"],"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2008/UBUNTU-CVE-2008-5266.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"low"}]}