GitHub Advisory DatabaseGHSA-5HGM-QM5M-5VMWJakarta Tomcat cross-site scripting (XSS) vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.0%
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
Affected configurations
References
jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
secunia.com/advisories/7972
www.ciac.org/ciac/bulletins/n-060.shtml
www.debian.org/security/2003/dsa-246
www.osvdb.org/9203
www.osvdb.org/9204
www.securityfocus.com/advisories/5111
www.securityfocus.com/bid/6720
exchange.xforce.ibmcloud.com/vulnerabilities/11196
github.com/advisories/GHSA-5hgm-qm5m-5vmw
nvd.nist.gov/vuln/detail/CVE-2003-0044
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.0%