Description

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Remediation

References

CVE-2007-3386

Related Vulnerabilities

WordPress Plugin WP Booking System Multiple Vulnerabilities (1.5.1)

Apache HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-3502)

Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-29470)

WordPress Plugin yolink Search for WordPress 'bulkcrawl.php' SQL Injection (1.1.4)

WordPress Plugin Dynamic Widgets Multiple Unspecified Vulnerabilities (1.5.7)

Severity

Medium

Classification

CVE-2007-3386 CWE-707

Tags

Missing Update Known Vulnerabilities