216.73.216.133

CVE-2025-1534

· Published 01/04/2025 04:15 · Modified 01/04/2025 20:26

Labels: CVE-2025-1534 2025-04-01769c9ae7-73c3-4e47-ae19-903170fc3eb8CVE-2025-1534

Essential information

Published
01/04/2025 04:15
Modified
01/04/2025 20:26
Author
Creator
CVSS
6.8 MEDIUM (v3) 6.8 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
769c9ae7-73c3-4e47-ae19-903170fc3eb8
NVD
View on NVD

Affected products (CPE)

ProductCPE
payara / payara server cpe:2.3:a:payara:payara_server:4.1.2.1919.1-4.1.2.191.51:*:*:*:*:*:*:*
payara / payara server cpe:2.3:a:payara:payara_server:5.20.0-5.68.0:*:*:*:*:*:*:*
payara / payara server cpe:2.3:a:payara:payara_server:6.0.0-6.23.0:*:*:*:*:*:*:*
payara / payara server cpe:2.3:a:payara:payara_server:6.2022.1-6.2025.2:*:*:*:*:*:*:*

References