CVE-2008-1947 org.apache.tomcat.embed:tomcat-embed-core

Package

Manager: maven
Name: org.apache.tomcat.embed:tomcat-embed-core
Vulnerable Version: >=5.5.9 <5.5.27 || >=6.0.0 <6.0.18

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.49114 (percentile 0.97707)

Details

Apache Tomcat Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to `host-manager/html/add`.

Metadata

Created: 2022-05-01T23:45:13Z
Modified: 2025-04-09T16:44:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f98p-9pp6-7q6c/GHSA-f98p-9pp6-7q6c.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-f98p-9pp6-7q6c
Finding: F008
Auto approve: 1