VDB
RHSA-2006%3A0592
RHSA-2006%3A0592
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Application Server 3AS |
Timeline
- Jul 14, 2006 CVE Published
- Nov 21, 2025 CVE Updated
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2006:0592 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- http://issues.apache.org/jira/browse/GERONIMO-1474 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=178176 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0592.json advisory
- https://access.redhat.com/security/cve/CVE-2006-0254 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=430646 issue
- https://www.cve.org/CVERecord?id=CVE-2006-0254 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2006-0254 advisory