VDB
CVE-2006-0254
CVE-2006-0254
PUBLISHED
Reported by mitre · Published January 18, 2006
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| Maven | geronimo:geronimo-console-standard | 0, 0 |
| n/a | n/a | n/a, n/a, n/a |
Exploit Intelligence
- http://issues.apache.org/jira/browse/GERONIMO-1474 (vulncheck-nvd)
- http://www.oliverkarow.de/research/geronimo_css.txt (vulncheck-nvd)
- http://www.securityfocus.com/bid/16260 (vulncheck-nvd)
Timeline
- Jan 18, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- RHSA-2008:0630 vendor-advisoryx_refsource_REDHAT
- 31493 third-party-advisoryx_refsource_SECUNIA
- x_refsource_MISC
- x_refsource_CONFIRM
- 16260 vdb-entryx_refsource_BID
- ADV-2006-0217 vdb-entryx_refsource_VUPEN
- geronimo-webaccesslog-viewer-xss(24159) vdb-entryx_refsource_XF
- geronimo-jspexamples-xss(24158) vdb-entryx_refsource_XF
- 20060115 Apache Geronimo 1.0 - CSS and persistent HTML-Injectionvulnerabilities mailing-listx_refsource_BUGTRAQ
- RHSA-2008:0261 vendor-advisoryx_refsource_REDHAT
- x_refsource_MISC
- 18485 third-party-advisoryx_refsource_SECUNIA
- https://nvd.nist.gov/vuln/detail/CVE-2006-0254 advisory
- https://geronimo.apache.org/GMOxDOC11/release-notes-11txt.html url
- https://issues.apache.org/jira/secure/attachment/12322088/GERONIMO-1474.patch url
- http://svn.apache.org/viewvc?view=revision&revision=372322 url
- https://github.com/advisories/GHSA-2jxh-3cx8-xw65 advisory