GHSA-Q74X-QQHR-F8RX Apache Tomcat Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method...

Apache Tomcat Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method...

ManageEngine Desktop Central - FileStorage getChartImage Deserialization Unauthenticated Remote Code Execution

ManageEngine Desktop Central - FileStorage getChartImage Deserialization Unauthenticated Remote Code Execution !/usr/bin/python3 """ ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability Download:...

Cross-site Scripting (XSS)

catalina is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization on the message argument sent to the HttpServletResponse.sendError method, allowing XSS attacks...

Design/Logic Flaw

Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header...

Scientific Linux Security Update : tomcat on SL5.x i386/x86_64

A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. CVE-2008-1232 An additional cross-site scripting vulnerability was discovered in the host manager application. A...

AddConsumerReciprocalServlet Open Redirect

The AddConsumerReciprocalServlet servlet has an open redirect vulnerability in the doGet method that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated...

Apache Tomcat 4.x < 4.1.39 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.39. It is, therefore, affected by one or more of the following vulnerabilities : - If the remote Apache Tomcat install is configured to use the SingleSignOn Valve, the...

Apache Tomcat HttpServletResponse.sendError()跨站脚本攻击漏洞

No description provided by source...

Mandriva Linux Security Advisory : tomcat5 (MDVSA-2008:188)

A number of vulnerabilities have been discovered in the Apache Tomcat server : The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications which could allow a remote attacker to modify logging configuration options and overwrite arbitrary...

tomcat: Cross-Site-Scripting enabled by sendError call

Cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method...

SOL9108 - Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232

A cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML through a crafted string that is used in the message argument to the HttpServletResponse.sendError method...

CVE-2008-1232

Cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method...

CVE-2008-1232

Cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method...