Description

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Remediation

References

CVE-2007-1355

Related Vulnerabilities

Jenkins CVE-2017-2602 Vulnerability (CVE-2017-2602)

WordPress Plugin YITH WooCommerce Cart Messages Security Bypass (1.4.3)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0790)

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-5594)

Atlassian Confluence CVE-2023-22515 Vulnerability (CVE-2023-22515)

Severity

Medium

Classification

CVE-2007-1355

Tags

Missing Update Known Vulnerabilities