VYPR
Moderate severity · NVD Advisory · Published Apr 17, 2009 · Updated Jun 16, 2026

CVE-2009-0038

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring; or (5) the PATH_INFO to the default URI under console/portal/.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.apache.geronimo.plugins:console (Maven)
Affected versions: >= 2.1.0, < 2.1.4
Patched versions: 2.1.4

Affected products

5
  • Apache/Geronimo (4 versions)
    • cpe:2.3:a:apache:geronimo:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:geronimo:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:geronimo:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:geronimo:2.1.3:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 2.1.0, < 2.1.4

References

13
