CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Geronimo is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the name, ip, username or description parameters in console/portal/Server/Monitoring, and via the PATH_INFO parameter to the default URI under console/portal/.
dsecrg.com/pages/vul/show.php?id=119
geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214
issues.apache.org/jira/browse/GERONIMO-4597
secunia.com/advisories/34715
www.securityfocus.com/archive/1/502734/100/0/threaded
www.securityfocus.com/bid/34562
www.vupen.com/english/advisories/2009/1089