Описание
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| hardy | DNE | |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | ignored | |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | released | 5.5.32 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 6.0.28-10ubuntu2 |
| hardy | DNE | |
| karmic | released | 6.0.20-2ubuntu2.4 |
| lucid | released | 6.0.24-2ubuntu1.7 |
| maverick | released | 6.0.28-2ubuntu1.2 |
| natty | not-affected | 6.0.28-10ubuntu2 |
| upstream | released | 6.0.30 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manage ...
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
ELSA-2011-0791: tomcat6 security and bug fix update (MODERATE)
EPSS
4.3 Medium
CVSS2