Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities
Moderate severity
GitHub Reviewed
Published
May 2, 2022
to the GitHub Advisory Database
•
Updated Feb 26, 2024
Package
Affected versions
>= 2.1.0, < 2.1.4
Patched versions
2.1.4
Description
Published by the National Vulnerability Database
Apr 17, 2009
Published to the GitHub Advisory Database
May 2, 2022
Reviewed
Feb 26, 2024
Last updated
Feb 26, 2024
Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/.
References