CVE-2006-0254
Aliases: GHSA-2jxh-3cx8-xw65
Advisory lineage: Upstream: 0, Downstream: 3
Modified
Published: 18 Jan 2006, 02:00
Last modified: 07 Aug 2024, 16:25
Vulnerability Summary
- Overall Risk (default): medium, 36/100
- CVSS Score: 4.3 MEDIUM, v2.0 (nvd)
- EPSS Score: 45.32% HIGH
- KEV: Not listed
- Ransomware: No reports
- Public exploits: 5 found
- Dark Web: Not detected
Timeline
- 18 Jan 2006, 02:00: Published. Vulnerability first disclosed
- 07 Aug 2024, 16:25: Last Modified. Vulnerability information updated
Description
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
CVSS Metrics
- v2.0 • MEDIUM • Score: 4.3 • AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS Trends
Current EPSS score: 45.32% • Percentile: 98%
Affected Systems
- apache • geronimo: 1.0
- geronimo • geronimo-console-standard: < 1.1
References (17)
- http://rhn.redhat.com/errata/RHSA-2008-0630.html
- http://secunia.com/advisories/31493
- http://www.oliverkarow.de/research/geronimo_css.txt
- https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create
- http://www.securityfocus.com/bid/16260
- http://www.vupen.com/english/advisories/2006/0217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24159
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24158
- http://www.securityfocus.com/archive/1/421996/100/0/threaded
- http://www.redhat.com/support/errata/RHSA-2008-0261.html
- http://issues.apache.org/jira/browse/GERONIMO-1474
- http://secunia.com/advisories/18485
- https://nvd.nist.gov/vuln/detail/CVE-2006-0254
- https://geronimo.apache.org/GMOxDOC11/release-notes-11txt.html
- https://issues.apache.org/jira/secure/attachment/12322088/GERONIMO-1474.patch
- http://svn.apache.org/viewvc/geronimo
- http://svn.apache.org/viewvc?view=revision&revision=372322