CVE-2006-0254 — Vulnetix

Try Vulnetix Request Demo

CVE-2006-0254 PUBLISHED

Reported by mitre · Published January 18, 2006

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
Maven	geronimo:geronimo-console-standard	0, 0
n/a	n/a	n/a, n/a, n/a

Timeline

Jan 18, 2006 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

RHSA-2008:0630 vendor-advisoryx_refsource_REDHAT
31493 third-party-advisoryx_refsource_SECUNIA
x_refsource_MISC
x_refsource_CONFIRM
16260 vdb-entryx_refsource_BID
ADV-2006-0217 vdb-entryx_refsource_VUPEN
geronimo-webaccesslog-viewer-xss(24159) vdb-entryx_refsource_XF
geronimo-jspexamples-xss(24158) vdb-entryx_refsource_XF
20060115 Apache Geronimo 1.0 - CSS and persistent HTML-Injectionvulnerabilities mailing-listx_refsource_BUGTRAQ
RHSA-2008:0261 vendor-advisoryx_refsource_REDHAT
x_refsource_MISC
18485 third-party-advisoryx_refsource_SECUNIA
https://nvd.nist.gov/vuln/detail/CVE-2006-0254 advisory
https://geronimo.apache.org/GMOxDOC11/release-notes-11txt.html url
https://issues.apache.org/jira/secure/attachment/12322088/GERONIMO-1474.patch url
http://svn.apache.org/viewvc?view=revision&revision=372322 url
https://github.com/advisories/GHSA-2jxh-3cx8-xw65 advisory

Open in Interactive Console →