Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0254

Severity
4.3 MEDIUM
EPSS
45.3%
top 2.40%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Jan 18
Latest update: May 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

🔴 Vulnerability Details (4)
OSV
Apache Geronimo console 1.0 vulnerable to cross-site scripting | 2022-05-01
GHSA
Apache Geronimo console 1.0 vulnerable to cross-site scripting | 2022-05-01
GHSA
Cross-site scripting in Apache Tomcat | 2022-05-01
CVEList
CVE-2006-0254: Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1 | 2006-01-18

💥 Exploits & PoCs (2)
Exploit-DB
Apache Geronimo 1.0 - Error Page Cross-Site Scripting | 2006-01-16
Exploit-DB
Apache Tomcat / Geronimo 1.0 - 'Sample Script cal2.jsp?time' Cross-Site Scripting | 2006-01-16

📋 Vendor Advisories (2)
Red Hat
tomcat XSS in example webapps | 2007-04-26
Red Hat
tomcat examples XSS | 2006-01-15

💬 Community (5)
Bugzilla
CVE-2006-0254 tomcat examples XSS | 2008-01-29
Bugzilla
CVE-2006-0254 tomcat examples XSS (RHAPS) | 2006-01-18
Bugzilla
CVE-2006-0254 tomcat examples XSS | 2006-01-18
Bugzilla
CVE-2006-0254 tomcat examples XSS | 2006-01-18
Bugzilla
CVE-2006-0254 tomcat examples XSS | 2006-01-18
CVE-2006-0254 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io