← Back to CVEs
CVE-2025-14340
N/ADescription
Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.
CVE Details
CVSS v3.1 ScoreN/A
Published2/18/2026
Last Modified2/18/2026
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-79
References
https://docs.payara.fish/enterprise/docs/Security/Security%20Fix%20List.html(769c9ae7-73c3-4e47-ae19-903170fc3eb8)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.