← Volver a CVEs
CVE-2025-14340
N/ADescripcion
Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado2/18/2026
Ultima modificacion2/18/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-79
Referencias
https://docs.payara.fish/enterprise/docs/Security/Security%20Fix%20List.html(769c9ae7-73c3-4e47-ae19-903170fc3eb8)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.