Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:24125
HistoryApr 10, 2020 - 12:46 a.m.

Cross-Site Scripting (XSS)

2020-04-1000:46:42
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

tomcat5 is vulnerable to cross-site scripting (XSS). The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the “time” parameter.

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N