New Apache Cross site scripting vulnerability

ScannerX · 2006-01-25, 11:41 AM

Input passed in the URL isn't properly sanitized before being used by the Web-Access-Log viewer. This can be exploited to execute arbitrary JavaScript code in user's browser session in context of an affected website when a malicious log entry is viewed in Geronimo-admin.
http://issues.apache.org/jira/browse/GERONIMO-1474

Ajay · 2006-01-25, 10:00 PM

This is a vulnerability for Geronimo (another project by the Apache team), not the Apache httpd server.

http://geronimo.apache.org/

http://httpd.apache.org

2006-01-25, 11:41 AM	#1
ScannerX Banned Join Date: Jan 2006 Posts: 8	New Apache Cross site scripting vulnerability Input passed in the URL isn't properly sanitized before being used by the Web-Access-Log viewer. This can be exploited to execute arbitrary JavaScript code in user's browser session in context of an affected website when a malicious log entry is viewed in Geronimo-admin. http://issues.apache.org/jira/browse/GERONIMO-1474

2006-01-25, 10:00 PM	#2
Ajay Internet! Is that thing still around? Join Date: Jan 2006 Posts: 1	Thread title is a little misleading.... This is a vulnerability for Geronimo (another project by the Apache team), not the Apache httpd server. http://geronimo.apache.org/ http://httpd.apache.org