Description

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Remediation

References

CVE-2010-4172

Related Vulnerabilities

Drupal 7PK - Security Features Vulnerability (CVE-2016-3168)

WordPress Plugin Business Card Cross-Site Scripting (1.0.0)

Oracle Database Server CVE-2019-2569 Vulnerability (CVE-2019-2569)

WordPress Plugin WP Shieldon-WordPress Firewall Cross-Site Scripting (1.6.3)

WordPress Plugin Autoptimize Multiple Vulnerabilities (2.7.6)

Severity

Medium

Classification

CVE-2010-4172 CWE-707

Tags

Missing Update Known Vulnerabilities