Description

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.

Remediation

References

CVE-2005-4838

Related Vulnerabilities

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.14)

WordPress Plugin Slimstat Analytics Cross-Site Scripting (3.5.5)

WordPress Plugin WP jPlayer Cross-Site Scripting (0.1)

WordPress Plugin Contact Form 7 Cross-Site Scripting (4.0.1)

Oracle Database Server Cryptographic Issues Vulnerability (CVE-2006-0270)

Severity

Medium

Classification

CVE-2005-4838 CWE-707

Tags

Missing Update Known Vulnerabilities