Description

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Remediation

References

CVE-2010-4172

Related Vulnerabilities

Oracle Database Server CVE-2020-2511 Vulnerability (CVE-2020-2511)

WebLogic CVE-2020-14882 Vulnerability (CVE-2020-14882)

WordPress Plugin Image Gallery-Responsive Photo Gallery Cross-Site Scripting (1.4.0)

Apache HTTP Server Improper Locking Vulnerability (CVE-2002-1850)

Oracle Application Server CVE-2006-5364 Vulnerability (CVE-2006-5364)

Severity

Medium

Classification

CVE-2010-4172 CWE-707

Tags

Missing Update Known Vulnerabilities