Input passed in the URL isn't properly sanitized before being used by the Web-Access-Log viewer. This can be exploited to execute arbitrary JavaScript code in user's browser session in context of an affected website when a malicious log entry is viewed in Geronimo-admin.
http://issues.apache.org/jira/browse/GERONIMO-1474