22 matches found
SUSE CVE-2006-7196
Cross-site scripting XSS vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...
Cross-Site Scripting (XSS)
Apache Tomcat is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the time parameter in cal2.jsp to steal session tokens or perform unwanted actions on behalf of the user...
Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/16260/info Apache Geronimo is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit could allow an attacker to compromise the...
Tomcat 自带cal2.jsp示例存在XSS跨站脚本漏洞
No description provided by source...
Tomcat 5.5.15 cal2.jsp 跨站脚本漏洞
No description provided by source...
tomcat: XSS in Apache Tomcat calendar application
Cross-site scripting XSS vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, relat...
tomcat: XSS in Apache Tomcat calendar application
Cross-site scripting XSS vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, relat...
Tomcat Sample App cal2.jsp 'time' Parameter XSS
The remote web server includes an example JSP application, 'cal2.jsp', that fails to sanitize user-supplied input before using it to generate dynamic content. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to be executed...
tomcat examples XSS
Multiple cross-site scripting XSS vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 time parameter to cal2.jsp and 2 any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer...
tomcat examples XSS
Multiple cross-site scripting XSS vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 time parameter to cal2.jsp and 2 any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer...
tomcat XSS in example webapps
Cross-site scripting XSS vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...
tomcat XSS in example webapps
Cross-site scripting XSS vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...
Apache Tomcat Sample App cal2.jsp 'time' Parameter XSS (CVE-2006-7196)
The remote Apache Tomcat web server includes an example JSP application, 'cal2.jsp', that fails to sanitize user-supplied input before using it to generate dynamic content. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to ...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters...
tomcat XSS in example webapps
Cross-site scripting XSS vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...
CVE-2006-7196
Cross-site scripting XSS vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...
CVE-2006-7196
Cross-site scripting XSS vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...
tomcat XSS in example webapps
Cross-site scripting XSS vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...
tomcat examples XSS
Multiple cross-site scripting XSS vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 time parameter to cal2.jsp and 2 any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer...
PT-2006-7515 · Apache · Apache Tomcat
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.0.0 through 4.0.6 Apache Tomcat versions 4.1.0 through 4.1.31 Apache Tomcat versions 5.0.0 through 5.0.30 Apache Tomcat versions 5.5.0 through 5.5.15 Description: The issue is related to a cross-site scripting XSS...