Description

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Remediation

References

CVE-2008-1947

Related Vulnerabilities

WordPress Plugin AJAX Post Search 'srch_txt' Parameter SQL Injection (1.2)

MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-5611)

WordPress Plugin RSVPMaker SQL Injection (5.6.3)

WordPress Plugin to Manage/Design WordPress Blog-WP Blog Manager Lite includes Backdoor [Only if downloaded via the vendor website] (1.1.0)

ownCloud Improper Authentication Vulnerability (CVE-2014-9045)

Severity

Medium

Classification

CVE-2008-1947 CWE-707

Tags

Missing Update Known Vulnerabilities