Description
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
Remediation
References
Related Vulnerabilities
Jenkins CVE-2017-2602 Vulnerability (CVE-2017-2602)
WordPress Plugin YITH WooCommerce Cart Messages Security Bypass (1.4.3)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0790)
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-5594)
Atlassian Confluence CVE-2023-22515 Vulnerability (CVE-2023-22515)