CVE-2006-0254 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter which causes an XSS when the log file is viewed by the Web-Access-Log viewer.

Reference

http://issues.apache.org/jira/browse/GERONIMO-1474
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://secunia.com/advisories/18485
http://secunia.com/advisories/31493
http://www.oliverkarow.de/research/geronimo_css.txt
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/421996/100/0/threaded
http://www.securityfocus.com/bid/16260
http://www.vupen.com/english/advisories/2006/0217
https://exchange.xforce.ibmcloud.com/vulnerabilities/24158
https://exchange.xforce.ibmcloud.com/vulnerabilities/24159
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create
