Vulnerability details: VCID-6d1j-1n1r-7khr
Vulnerability ID VCID-6d1j-1n1r-7khr
Aliases CVE-2006-0254
GHSA-2jxh-3cx8-xw65
Summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
generic_textual MODERATE http://issues.apache.org/jira/browse/GERONIMO-1474
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2008-0630.html
epss 0.45321 https://api.first.org/data/v1/epss?cve=CVE-2006-0254
generic_textual MODERATE http://secunia.com/advisories/18485
generic_textual MODERATE http://secunia.com/advisories/31493
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/24158
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/24159
generic_textual MODERATE https://geronimo.apache.org/GMOxDOC11/release-notes-11txt.html
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-2jxh-3cx8-xw65
generic_textual MODERATE https://issues.apache.org/jira/secure/attachment/12322088/GERONIMO-1474.patch
generic_textual MODERATE https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2006-0254
generic_textual MODERATE http://svn.apache.org/viewvc/geronimo
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=372322
generic_textual MODERATE http://www.oliverkarow.de/research/geronimo_css.txt
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2008-0261.html
generic_textual MODERATE http://www.securityfocus.com/archive/1/421996/100/0/threaded
generic_textual MODERATE http://www.securityfocus.com/bid/16260
generic_textual MODERATE http://www.vupen.com/english/advisories/2006/0217
Reference id Reference type URL
http://issues.apache.org/jira/browse/GERONIMO-1474
http://rhn.redhat.com/errata/RHSA-2008-0630.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0254.json
https://api.first.org/data/v1/epss?cve=CVE-2006-0254
http://secunia.com/advisories/18485
http://secunia.com/advisories/31493
https://exchange.xforce.ibmcloud.com/vulnerabilities/24158
https://exchange.xforce.ibmcloud.com/vulnerabilities/24159
https://geronimo.apache.org/GMOxDOC11/release-notes-11txt.html
https://issues.apache.org/jira/secure/attachment/12322088/GERONIMO-1474.patch
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create
http://svn.apache.org/viewvc/geronimo
http://svn.apache.org/viewvc?view=revision&revision=372322
http://www.oliverkarow.de/research/geronimo_css.txt
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/421996/100/0/threaded
http://www.securityfocus.com/bid/16260
http://www.vupen.com/english/advisories/2006/0217
430646 https://bugzilla.redhat.com/show_bug.cgi?id=430646
CVE-2006-0254 https://nvd.nist.gov/vuln/detail/CVE-2006-0254
CVE-2006-0254;OSVDB-22458 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27095.txt
CVE-2006-0254;OSVDB-22458 Exploit https://www.securityfocus.com/bid/16260/info
CVE-2006-0254;OSVDB-22459 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27096.txt
GHSA-2jxh-3cx8-xw65 https://github.com/advisories/GHSA-2jxh-3cx8-xw65
RHSA-2006:0161 https://access.redhat.com/errata/RHSA-2006:0161
RHSA-2006:0592 https://access.redhat.com/errata/RHSA-2006:0592
RHSA-2008:0630 https://access.redhat.com/errata/RHSA-2008:0630
Data source Exploit-DB
Date added Jan. 16, 2006
Description Apache Tomcat / Geronimo 1.0 - 'Sample Script cal2.jsp?time' Cross-Site Scripting
Ransomware campaign use Known
Source publication date Jan. 16, 2006
Exploit type remote
Platform multiple
Source update date July 25, 2013
Source URL https://www.securityfocus.com/bid/16260/info
Exploit Prediction Scoring System (EPSS)
Percentile 0.97581
EPSS Score 0.45321
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:49:58.696916+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/geronimo/geronimo-console-standard/CVE-2006-0254.yml 38.0.0