Description

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.

Remediation

References

CVE-2005-4838

Related Vulnerabilities

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17897)

MySQL CVE-2020-2898 Vulnerability (CVE-2020-2898)

Dotclear Other Vulnerability (CVE-2006-2866)

MySQL CVE-2015-4826 Vulnerability (CVE-2015-4826)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.5)

Severity

Medium

Classification

CVE-2005-4838 CWE-707

Tags

Missing Update Known Vulnerabilities