Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:pro pertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:pro pertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:pro pertSectionTextField:factoryClassProp:factoryClass ,...

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2751)