Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbAdam MuntnerEDB-ID:35011
HistoryNov 22, 2010 - 12:00 a.m.

Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting

2010-11-2200:00:00
Adam Muntner
www.exploit-db.com
28

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/45015/info

Apache Tomcat is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. 

http:/www.example.com/html/sessions?path=/&sort=[xss]

Related

openvas 11
nessus 14
prion 1
nvd 1
ubuntucve 1
cve 1
github 1
tomcat 2
securityvulns 4
osv 1
ubuntu 1
cvelist 1
redhat 2
oraclelinux 1
gentoo 1
ibm 1
openvas
openvas
Ubuntu: Security Advisory (USN-1048-1)
2011-01-31 00:00:00
Ubuntu Update for tomcat6 vulnerability USN-1048-1
2011-01-31 00:00:00
Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
2011-01-14 00:00:00
nessus
nessus
openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-2)
2011-05-05 00:00:00
Apache Tomcat 7.0.0 < 7.0.5
2011-01-14 00:00:00
openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-1)
2011-05-05 00:00:00
prion
prion
Cross site scripting
2010-11-26 20:00:00
nvd
nvd
CVE-2010-4172
2010-11-26 20:00:04
ubuntucve
ubuntucve
CVE-2010-4172
2010-11-26 00:00:00
cve
cve
CVE-2010-4172
2010-11-26 20:00:04
github
github
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
2022-05-14 02:42:46
tomcat
tomcat
Fixed in Apache Tomcat 7.0.5
2010-12-01 00:00:00
Fixed in Apache Tomcat 6.0.30
2011-01-13 00:00:00
securityvulns
securityvulns
Apache Tomcat crossite scripting
2010-11-24 00:00:00
[SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
2010-11-24 00:00:00
Apple OS X multiple security vulnerabilities
2011-10-24 00:00:00
osv
osv
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
2022-05-14 02:42:46
ubuntu
ubuntu
Tomcat vulnerability
2011-01-24 00:00:00
cvelist
cvelist
CVE-2010-4172
2010-11-26 19:00:00
redhat
redhat
(RHSA-2011:0791) Moderate: tomcat6 security and bug fix update
2011-05-19 00:00:00
(RHSA-2011:0897) Moderate: JBoss Enterprise Web Server 1.0.2 update
2011-06-22 00:00:00
oraclelinux
oraclelinux
tomcat6 security and bug fix update
2011-05-28 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00
ibm
ibm
Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator
2021-10-06 14:56:49

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:35011
openvas11nessus14prion1nvd1ubuntucve1cve1github1tomcat2securityvulns4osv1ubuntu1cvelist1redhat2oraclelinux1gentoo1ibm1