Description
Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/.
References
- Exploit
- Patch, Vendor Advisory
- Patch
- Exploit
- Exploit
- Patch, Vendor Advisory
- Patch
- Exploit
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:apache:geronimo:2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:geronimo:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:geronimo:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:geronimo:2.1.3:*:*:*:*:*:*:*
EPSS
Percentile: 96%
0.23675
Medium
4.3 Medium
CVSS2
Weaknesses
CWE-79
Related vulnerabilities
debian
almost 17 years ago
Multiple cross-site scripting (XSS) vulnerabilities in the web adminis ...
github
almost 4 years ago
Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities