Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

Remediation

References

CVE-2007-2450

Related Vulnerabilities

Jboss EAP CVE-2022-1259 Vulnerability (CVE-2022-1259)

GlassFish CVE-2012-0081 Vulnerability (CVE-2012-0081)

WordPress Plugin One Click SSL Cross-Site Request Forgery (1.4.6)

WordPress Plugin Bad Behavior Multiple Vulnerabilities (2.2.18)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-46148)

Severity

Low

Classification

CVE-2007-2450 CWE-707

Tags

Missing Update Known Vulnerabilities