CVE-2009-0781 org.apache.tomcat:tomcat

Package

Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=4.1.0 <=4.1.39 || >=5.5.0 <=5.5.27 || >=6.0.0 <6.0.20

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.20823 (percentile: 0.95392)

Details

Cross-site scripting in Apache Tomcat

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

Metadata

Created: 2022-05-02T03:18:14Z
Modified: 2022-06-17T21:55:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j788-fx57-99wp/GHSA-j788-fx57-99wp.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-j788-fx57-99wp
Finding: F008
Auto approve: 1