PT-2026-20388 · Payara · Payara Server
Published 2026-02-18 · Updated 2026-04-09
CVE-2025-14340
CVSS v4.0: 7.3 (High)
Vector: AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/S:P/AU:N/R:U/RE:M/U:Red
Name of the Vulnerable Software and Affected Versions
Payara Server versions prior to 4.1.2.191.54
Payara Server versions prior to 5.83.0
Payara Server versions prior to 6.34.0
Payara Server versions prior to 7.2026.1
Description
A cross-site scripting issue exists in the REST Management Interface. An attacker could use a crafted URL payload to mislead an administrator into changing the admin password. As the CVSS vector indicates, exploitation requires high privileges (PR:H) and an administrator acting on the crafted URL (UI:A).
Recommendations
Update Payara Server to version 4.1.2.191.54 or later.
Update Payara Server to version 5.83.0 or later.
Update Payara Server to version 6.34.0 or later.
Update Payara Server to version 7.2026.1 or later.
Fix
XSS
Affected Products
Payara Server