Description

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Remediation

References

CVE-2010-4172

Related Vulnerabilities

Zope Web Application Server Other Vulnerability (CVE-2012-5486)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19212)

WebLogic CVE-2023-21841 Vulnerability (CVE-2023-21841)

MyBB Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-45867)

Oracle JRE CVE-2013-2450 Vulnerability (CVE-2013-2450)

Severity

Medium

Classification

CVE-2010-4172 CWE-707

Tags

Missing Update Known Vulnerabilities