Description
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
Remediation
References
Related Vulnerabilities
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.14)
WordPress Plugin Slimstat Analytics Cross-Site Scripting (3.5.5)
WordPress Plugin WP jPlayer Cross-Site Scripting (0.1)
WordPress Plugin Contact Form 7 Cross-Site Scripting (4.0.1)
Oracle Database Server Cryptographic Issues Vulnerability (CVE-2006-0270)