Moderate severity · NVD Advisory · Published Apr 17, 2009 · Updated Jun 16, 2026
CVE-2009-0038
Description
Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.geronimo.plugins:console (Maven) | >= 2.1.0, < 2.1.4 | 2.1.4 |
References (13)
- geronimo.apache.org/21x-security-report.html [nvd] Patch, Vendor Advisory, WEB
- issues.apache.org/jira/browse/GERONIMO-4597 [nvd] Patch, WEB
- dsecrg.com/pages/vul/show.php [nvd] Exploit
- www.securityfocus.com/bid/34562 [nvd] Exploit
- github.com/advisories/GHSA-c372-x57p-6x7v [ghsa] ADVISORY
- nvd.nist.gov/vuln/detail/CVE-2009-0038 [ghsa] ADVISORY
- github.com/apache/geronimo/commit/aa0c2c26dde8930cad924796af7c17a13d236b16 [ghsa] WEB
- web.archive.org/web/20090419162753/http://secunia.com/advisories/34715 [ghsa] WEB
- web.archive.org/web/20090422192202/http://dsecrg.com/pages/vul/show.php [ghsa] WEB
- web.archive.org/web/20200229223125/http://www.securityfocus.com/bid/34562 [ghsa] WEB
- secunia.com/advisories/34715 [nvd]
- www.securityfocus.com/archive/1/502734/100/0/threaded [nvd]
- www.vupen.com/english/advisories/2009/1089 [nvd]