Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yanhoLTNjeDgteHc2Nc18GQ
Apache Geronimo console 1.0 vulnerable to cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. Version 1.1 contains fixes for these issues.
Permalink: https://github.com/advisories/GHSA-2jxh-3cx8-xw65JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yanhoLTNjeDgteHc2Nc18GQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: over 1 year ago
Identifiers: GHSA-2jxh-3cx8-xw65, CVE-2006-0254
References:
- https://nvd.nist.gov/vuln/detail/CVE-2006-0254
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24158
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24159
- https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create
- http://issues.apache.org/jira/browse/GERONIMO-1474
- http://rhn.redhat.com/errata/RHSA-2008-0630.html
- http://secunia.com/advisories/18485
- http://secunia.com/advisories/31493
- http://www.oliverkarow.de/research/geronimo_css.txt
- http://www.redhat.com/support/errata/RHSA-2008-0261.html
- http://www.securityfocus.com/archive/1/421996/100/0/threaded
- http://www.securityfocus.com/bid/16260
- http://www.vupen.com/english/advisories/2006/0217
- https://geronimo.apache.org/GMOxDOC11/release-notes-11txt.html
- https://issues.apache.org/jira/secure/attachment/12322088/GERONIMO-1474.patch
- http://svn.apache.org/viewvc?view=revision&revision=372322
- https://github.com/advisories/GHSA-2jxh-3cx8-xw65
Affected Packages
maven:geronimo:geronimo-console-standard
Dependent packages: 1Dependent repositories: 0
Downloads:
Affected Version Ranges: < 1.1
Fixed in: 1.1
All affected versions:
All unaffected versions: