WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-1358)

Description

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

Remediation

References

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37304)

WordPress Plugin Booking Calendar Contact Form Cross-Site Scripting (1.0.24)

AbanteCart Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-26521)

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2006-0200)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43721)

Severity

Low

Classification

CVE-2007-1358 CWE-707

Tags

Missing Update Known Vulnerabilities