CVE-2009-0038 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name (2) ip (3) username or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/.

Reference

http://dsecrg.com/pages/vul/show.php?id=119 http://geronimo.apache.org/21x-security-report.html2.1.xSecurityReport-214 http://issues.apache.org/jira/browse/GERONIMO-4597 http://secunia.com/advisories/34715 http://www.securityfocus.com/archive/1/502734/100/0/threaded http://www.securityfocus.com/bid/34562 http://www.vupen.com/english/advisories/2009/1089