Description
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Symposium SQL Injection (15.1)
PrestaShop Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-21302)
Django Uncontrolled Resource Consumption Vulnerability (CVE-2021-45115)
WordPress Plugin Master Slider-WordPress Responsive Touch Slider Unspecified Vulnerability (2.18.2)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000399)