GHSA-2jxh-3cx8-xw65

Suggest an improvement
Source
https://github.com/advisories/GHSA-2jxh-3cx8-xw65
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2jxh-3cx8-xw65/GHSA-2jxh-3cx8-xw65.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-2jxh-3cx8-xw65
Aliases
  • CVE-2006-0254
Published
2022-05-01T06:38:20Z
Modified
2024-02-20T05:37:27.927365Z
Summary
Apache Geronimo console 1.0 vulnerable to cross-site scripting
Details

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. Version 1.1 contains fixes for these issues.

Database specific
{
    "nvd_published_at": "2006-01-18T01:51:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-28T15:28:00Z"
}
References

Affected packages

Maven / geronimo:geronimo-console-standard

Package

Name
geronimo:geronimo-console-standard
View open source insights on deps.dev
Purl
pkg:maven/geronimo/geronimo-console-standard

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1

Affected versions

1.*

1.0-M5
1.0