IBM VisualAge Professional vulnerable to Cross-Site Scripting via passing of user input directly to default error page

Overview Web Servers that use the IBM VisualAge Professional Vesion 3.5 Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on...

Apache Tomcat vulnerable to Cross-Site Scripting via passing of user input directly to default error page

Overview Web Servers that use the Apache Tomcat Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from...