Lucene search

K

GoogleOSV:GHSA-2JXH-3CX8-XW65

HistoryMay 01, 2022 - 6:38 a.m.

Apache Geronimo console 1.0 vulnerable to cross-site scripting

2022-05-0106:38:20

Google

osv.dev

11

apache geronimo

cross-site scripting

remote attackers

web access log viewer

version 1.1

security vulnerability

EPSS

0.002

Percentile

52.8%

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. Version 1.1 contains fixes for these issues.

References

issues.apache.org/jira/browse/GERONIMO-1474

rhn.redhat.com/errata/RHSA-2008-0630.html

secunia.com/advisories/18485

secunia.com/advisories/31493

svn.apache.org/viewvc/geronimo

svn.apache.org/viewvc?view=revision&revision=372322

www.oliverkarow.de/research/geronimo_css.txt

www.redhat.com/support/errata/RHSA-2008-0261.html

www.securityfocus.com/archive/1/421996/100/0/threaded

www.securityfocus.com/bid/16260

www.vupen.com/english/advisories/2006/0217

exchange.xforce.ibmcloud.com/vulnerabilities/24158

exchange.xforce.ibmcloud.com/vulnerabilities/24159

geronimo.apache.org/GMOxDOC11/release-notes-11txt.html

issues.apache.org/jira/secure/attachment/12322088/GERONIMO-1474.patch

issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create

nvd.nist.gov/vuln/detail/CVE-2006-0254

EPSS

0.002

Percentile

52.8%

Related for OSV:GHSA-2JXH-3CX8-XW65

nvd2 exploitdb2 nessus4 prion1 github2 cvelist2 cve2 osv1 ubuntucve1 redhat4 ibm1