Description
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
Remediation
References
Related Vulnerabilities
WordPress Plugin YouTube Advanced by Embed Plus Cross-Site Scripting (5.3)
WordPress Plugin Colorful Categories Cross-Site Request Forgery (2.0.14)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2151)
Joomla! Core Cross-Site Scripting (2.5.0 - 3.9.24)
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (4.15.49)