WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1232)

Description

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

Remediation

References

Related Vulnerabilities

phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9866)

Internet Information Services Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-0075)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-23897)

WordPress Plugin VikRentCar Car Rental Management System Cross-Site Request Forgery (1.1.6)

WordPress Plugin eCommerce Product Catalog for WordPress Cross-Site Request Forgery (2.9.43)

Severity

Medium

Classification

CVE-2008-1232 CWE-707

Tags

Missing Update Known Vulnerabilities