CVE-2025-14340

Vulnerability Description

Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.

Vulnerability Details

Published Date

February 18, 2026

Last Modified

February 19, 2026

CWE ID

CWE-79

Source

NVD

Vendor

Payara Platform

Product

Payara Server

External References

https://docs.payara.fish/enterprise/docs/Security/Security%20Fix%20List.html

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment