Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:23200
HistoryApr 10, 2020 - 12:19 a.m.

Cross-Site Scripting (XSS)

2020-04-1000:19:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

tomcat5 is vulnerable to cross-site scripting. Some JSPs within the ‘examples’ web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks.

References

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N