GitHub Advisory DatabaseGHSA-2JXH-3CX8-XW65Apache Geronimo console 1.0 vulnerable to cross-site scripting
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
52.8%
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. Version 1.1 contains fixes for these issues.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| geronimo:geronimo-console-standard | lt | 1.1 |
References
issues.apache.org/jira/browse/GERONIMO-1474
rhn.redhat.com/errata/RHSA-2008-0630.html
secunia.com/advisories/18485
secunia.com/advisories/31493
svn.apache.org/viewvc?view=revision&revision=372322
www.oliverkarow.de/research/geronimo_css.txt
www.redhat.com/support/errata/RHSA-2008-0261.html
www.securityfocus.com/archive/1/421996/100/0/threaded
www.securityfocus.com/bid/16260
www.vupen.com/english/advisories/2006/0217
exchange.xforce.ibmcloud.com/vulnerabilities/24158
exchange.xforce.ibmcloud.com/vulnerabilities/24159
geronimo.apache.org/GMOxDOC11/release-notes-11txt.html
github.com/advisories/GHSA-2jxh-3cx8-xw65
issues.apache.org/jira/secure/attachment/12322088/GERONIMO-1474.patch
issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create
nvd.nist.gov/vuln/detail/CVE-2006-0254
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
52.8%