Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS0yanhoLTNjeDgteHc2Nc18GQ

Apache Geronimo console 1.0 vulnerable to cross-site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. Version 1.1 contains fixes for these issues.

Permalink: https://github.com/advisories/GHSA-2jxh-3cx8-xw65
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yanhoLTNjeDgteHc2Nc18GQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: over 1 year ago

Identifiers: GHSA-2jxh-3cx8-xw65, CVE-2006-0254
References:

• https://nvd.nist.gov/vuln/detail/CVE-2006-0254
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24158
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24159
• https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create
• http://issues.apache.org/jira/browse/GERONIMO-1474
• http://rhn.redhat.com/errata/RHSA-2008-0630.html
• http://secunia.com/advisories/18485
• http://secunia.com/advisories/31493
• http://www.oliverkarow.de/research/geronimo_css.txt
• http://www.redhat.com/support/errata/RHSA-2008-0261.html
• http://www.securityfocus.com/archive/1/421996/100/0/threaded
• http://www.securityfocus.com/bid/16260
• http://www.vupen.com/english/advisories/2006/0217
• https://geronimo.apache.org/GMOxDOC11/release-notes-11txt.html
• https://issues.apache.org/jira/secure/attachment/12322088/GERONIMO-1474.patch
• http://svn.apache.org/viewvc?view=revision&revision=372322
• https://github.com/advisories/GHSA-2jxh-3cx8-xw65

Blast Radius: 1.0

Affected Packages