CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score: 5.2 Medium (Confidence: High)
EPSS: 0.002 Low (Percentile: 52.8%)

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
issues.apache.org/jira/browse/GERONIMO-1474
rhn.redhat.com/errata/RHSA-2008-0630.html
secunia.com/advisories/18485
secunia.com/advisories/31493
www.oliverkarow.de/research/geronimo_css.txt
www.redhat.com/support/errata/RHSA-2008-0261.html
www.securityfocus.com/archive/1/421996/100/0/threaded
www.securityfocus.com/bid/16260
www.vupen.com/english/advisories/2006/0217
exchange.xforce.ibmcloud.com/vulnerabilities/24158
exchange.xforce.ibmcloud.com/vulnerabilities/24159
issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create