AI Score: 5.8 Medium (Confidence: High)
CVSS2: 4.3 Medium
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: PARTIAL
  Availability Impact: NONE
  Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 0.009 Low (Percentile: 82.4%)

Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/.
geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214
issues.apache.org/jira/browse/GERONIMO-4597
github.com/apache/geronimo
github.com/apache/geronimo/commit/aa0c2c26dde8930cad924796af7c17a13d236b16
nvd.nist.gov/vuln/detail/CVE-2009-0038
web.archive.org/web/20090419162753/secunia.com/advisories/34715
web.archive.org/web/20090422192202/dsecrg.com/pages/vul/show.php?id=119
web.archive.org/web/20200229223125/www.securityfocus.com/bid/34562