Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0zNmhwLTR4M2ctcGhyZ82iLg

Apache Tomcat's CookieExample Vulnerable to XSS

Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.

Permalink: https://github.com/advisories/GHSA-36hp-4x3g-phrg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zNmhwLTR4M2ctcGhyZ82iLg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago


EPSS Percentage: 0.00703
EPSS Percentile: 0.80592

Identifiers: GHSA-36hp-4x3g-phrg, CVE-2007-3384
References: Blast Radius: 0.0

Affected Packages

maven:org.apache.tomcat:tomcat
Dependent packages: 30
Dependent repositories: 438
Downloads:
Affected Version Ranges: >= 3.3.0, <= 3.3.2
No known fixed version
All affected versions: