
Cross-site Scripting in Apache Tomcat

Description

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81, the Form authentication example in the examples web application displayed user-provided data without filtering, exposing an XSS vulnerability.


Affected Software


CPE Name Name Version
org.apache.tomcat:tomcat 8.5.50
org.apache.tomcat:tomcat 8.5.51
org.apache.tomcat:tomcat 8.5.53
org.apache.tomcat:tomcat 8.5.54
org.apache.tomcat:tomcat 8.5.55
org.apache.tomcat:tomcat 8.5.56
org.apache.tomcat:tomcat 8.5.57
org.apache.tomcat:tomcat 8.5.58
org.apache.tomcat:tomcat 8.5.59
org.apache.tomcat:tomcat 8.5.60
org.apache.tomcat:tomcat 8.5.61
org.apache.tomcat:tomcat 8.5.63
org.apache.tomcat:tomcat 8.5.64
org.apache.tomcat:tomcat 8.5.65
org.apache.tomcat:tomcat 8.5.66
org.apache.tomcat:tomcat 8.5.68
org.apache.tomcat:tomcat 8.5.69
org.apache.tomcat:tomcat 8.5.70
org.apache.tomcat:tomcat 8.5.71
org.apache.tomcat:tomcat 8.5.72
org.apache.tomcat:tomcat 8.5.73
org.apache.tomcat:tomcat 8.5.75
org.apache.tomcat:tomcat 8.5.76
org.apache.tomcat:tomcat 8.5.77
org.apache.tomcat:tomcat 8.5.78
org.apache.tomcat:tomcat 8.5.79
org.apache.tomcat:tomcat 8.5.81
