Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 02:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." |
02 Feb 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | CVE-2009-0781 tomcat: XSS in Apache Tomcat calendar application | |
References |
|
|
Information
Published : 2009-03-09 21:30
Updated : 2023-12-10 10:51
NVD link : CVE-2009-0781
Mitre link : CVE-2009-0781
CVE.ORG link : CVE-2009-0781
JSON object : View
Products Affected
apache
- tomcat
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')