From: Ken Paulsen <Ken.Paulsen_at_Sun.COM>
Date: Mon, 16 Jun 2008 17:20:59 -0700

Hi Eduardo,

Thanks for pointing these out. We did see this brought up last week.
These issues have been evaluated and will be fixed. However, none of
them (that I am aware of) are exploitable without being logged into the
admin console.

Thanks!

Ken Paulsen

Eduardo Jorge wrote:
> Hi,
>
> I'm found some vulnerabilities in glassfish webadmin interface, please
> see more details in my blog
>
> http://webappsecurity.wordpress.com/2008/06/14/multiple-xss-in-glassfish/
> http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application/
>
>