CVE-2024-8215
Severity CVSS v4.0: HIGH
Type: CWE-79 Cross-Site Scripting (XSS)
Publication date: 08/10/2024
Last modified: 16/10/2024
Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion. This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51.
Impact
Base Score 4.0: 8.70
Severity 4.0: HIGH
Base Score 3.x: 8.40
Severity 3.x: HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:* | 4.1.2.191 (including) | 4.1.2.191.51 (excluding) |
cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:* | 5.20.0 (including) | 5.68.0 (excluding) |
cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:* | 6.0.0 (including) | 6.19.0 (including) |
cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:* | 6.2022.1 (including) | 6.2024.10 (excluding) |