Description

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

Remediation

References

CVE-2009-0781

Related Vulnerabilities

Beego Framework Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-27117)

WordPress Plugin Watu Quiz Cross-Site Scripting (3.3.8.1)

Moodle Improper Input Validation Vulnerability (CVE-2022-35650)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2019-5420)

MySQL CVE-2020-14697 Vulnerability (CVE-2020-14697)

Severity

Medium

Classification

CVE-2009-0781 CWE-707

Tags

Missing Update Known Vulnerabilities