Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities

2022-05-0203:12:29

CWE-79

GitHub Advisory Database

github.com

apache geronimo

cross-site scripting

web administration

remote attackers

html injection

2.1 - 2.1.3

monitoring

default uri

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.009

Percentile

82.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/.