Lucene search
DSecRGEDB-ID:32921HistoryApr 16, 2009 - 12:00 a.m.
Apache Geronimo 2.1.x - '/console/portal/' URI Cross-Site Scripting
2009-04-1600:00:00
DSecRG
www.exploit-db.com
11
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/34562/info
Apache Geronimo Application Server is prone to multiple remote vulnerabilities:
- Multiple directory-traversal vulnerabilities
- A cross-site scripting vulnerability
- Multiple HTML-injection vulnerabilities
- A cross-site request-forgery vulnerability
Attackers can exploit these issues to obtain sensitive information, upload arbitrary files, execute arbitrary script code, steal cookie-based authentication credentials, and perform certain administrative actions.
Apache Geronimo 2.1 through 2.1.3 are vulnerable.
http://www.example.com/console/portal/"><script>alert('DSecRG XSS')</script><!--Related
osv
osv
exploitdb
exploitdb
github
github
nvd
nvd
CVE-2009-0038
2009-04-17 14:30:00
cvelist
cvelist
CVE-2009-0038
2009-04-17 14:00:00
packetstorm
packetstorm
Apache Geronimo Cross Site Scripting
2009-04-16 00:00:00
cve
cve
CVE-2009-0038
2009-04-17 14:30:00
prion
prion
Cross site scripting
2009-04-17 14:30:00
veracode
veracode
Cross-Site Scripting (XSS)
2019-07-08 11:22:27
openvas
openvas
SLES10: Security update for Websphere Community Edition
2009-10-13 00:00:00
SLES11: Security update for Websphere Community Edition
2009-10-11 00:00:00
SLES11: Security update for Websphere Community Edition
2009-10-11 00:00:00
nessus
nessus