Description

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Remediation

References

CVE-2010-4172

Related Vulnerabilities

Oracle JRE CVE-2013-5775 Vulnerability (CVE-2013-5775)

WordPress Plugin 3D Tag Cloud Cross-Site Request Forgery (3.8)

WordPress Plugin Donations Privilege Escalation (1.3)

WordPress Plugin Smart Forms-when you need more than just a contact form Security Bypass (2.6.70)

WordPress Plugin YITH Maintenance Mode Cross-Site Scripting (1.1.4)

Severity

Medium

Classification

CVE-2010-4172 CWE-707

Tags

Missing Update Known Vulnerabilities