← Voltar para CVEs
CVE-2025-14340
N/ADescricao
Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado2/18/2026
Ultima modificacao2/18/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-79
Referencias
https://docs.payara.fish/enterprise/docs/Security/Security%20Fix%20List.html(769c9ae7-73c3-4e47-ae19-903170fc3eb8)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.