In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console.

Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console