{"url":"http://public2.vulnerablecode.io/api/packages/299197?format=json","purl":"pkg:maven/geronimo/geronimo-console-standard@1.0-M5","type":"maven","namespace":"geronimo","name":"geronimo-console-standard","version":"1.0-M5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14160?format=json","vulnerability_id":"VCID-6d1j-1n1r-7khr","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.","references":[{"reference_url":"http://issues.apache.org/jira/browse/GERONIMO-1474","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://issues.apache.org/jira/browse/GERONIMO-1474"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2008-0630.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0254.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0254.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0254","reference_id":"","reference_type":"","scores":[{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97644","published_at":"2026-05-14T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97587","published_at":"2026-04-02T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.9759","published_at":"2026-04-04T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97591","published_at":"2026-04-07T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97596","published_at":"2026-04-08T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97599","published_at":"2026-04-09T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97602","published_at":"2026-04-11T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97604","published_at":"2026-04-13T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97612","published_at":"2026-04-16T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97613","published_at":"2026-04-24T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97614","published_at":"2026-04-26T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97618","published_at":"2026-04-29T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97624","published_at":"2026-05-05T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97627","published_at":"2026-05-07T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97628","published_at":"2026-05-09T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97629","published_at":"2026-05-11T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97635","published_at":"2026-05-12T12:55:00Z"},{"value":"0.45321","scoring_system":"epss","scoring_elements":"0.97581","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0254"},{"reference_url":"http://secunia.com/advisories/18485","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/18485"},{"reference_url":"http://secunia.com/advisories/31493","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/31493"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24158","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24158"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24159","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24159"},{"reference_url":"https://geronimo.apache.org/GMOxDOC11/release-notes-11txt.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://geronimo.apache.org/GMOxDOC11/release-notes-11txt.html"},{"reference_url":"https://issues.apache.org/jira/secure/attachment/12322088/GERONIMO-1474.patch","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/secure/attachment/12322088/GERONIMO-1474.patch"},{"reference_url":"https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create"},{"reference_url":"http://svn.apache.org/viewvc/geronimo","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc/geronimo"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=372322","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=372322"},{"reference_url":"http://www.oliverkarow.de/research/geronimo_css.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oliverkarow.de/research/geronimo_css.txt"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0261.html"},{"reference_url":"http://www.securityfocus.com/archive/1/421996/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/421996/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/16260","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/16260"},{"reference_url":"http://www.vupen.com/english/advisories/2006/0217","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vupen.com/english/advisories/2006/0217"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=430646","reference_id":"430646","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=430646"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2006-0254","reference_id":"CVE-2006-0254","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-0254"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27095.txt","reference_id":"CVE-2006-0254;OSVDB-22458","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27095.txt"},{"reference_url":"https://www.securityfocus.com/bid/16260/info","reference_id":"CVE-2006-0254;OSVDB-22458","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/16260/info"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27096.txt","reference_id":"CVE-2006-0254;OSVDB-22459","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27096.txt"},{"reference_url":"https://github.com/advisories/GHSA-2jxh-3cx8-xw65","reference_id":"GHSA-2jxh-3cx8-xw65","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2jxh-3cx8-xw65"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0161","reference_id":"RHSA-2006:0161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0592","reference_id":"RHSA-2006:0592","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0630","reference_id":"RHSA-2008:0630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0630"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50295?format=json","purl":"pkg:maven/geronimo/geronimo-console-standard@1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/geronimo/geronimo-console-standard@1.1"}],"aliases":["CVE-2006-0254","GHSA-2jxh-3cx8-xw65"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6d1j-1n1r-7khr"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/geronimo/geronimo-console-standard@1.0-M5"}