GHSA-f98p-9pp6-7q6c

Suggest an improvement
Source
https://github.com/advisories/GHSA-f98p-9pp6-7q6c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f98p-9pp6-7q6c/GHSA-f98p-9pp6-7q6c.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-f98p-9pp6-7q6c
Aliases
  • CVE-2008-1947
Published
2022-05-01T23:45:13Z
Modified
2024-03-05T18:53:37Z
Summary
Apache Tomcat Cross-site scripting (XSS) vulnerability
Details

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Database specific
{
    "nvd_published_at": "2008-06-04T19:32:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-08T22:33:18Z"
}
References

Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.5.9
Fixed
5.5.27

Database specific

{
    "last_known_affected_version_range": "<= 5.5.26"
}

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.0.18

Database specific

{
    "last_known_affected_version_range": "<= 6.0.16"
}

Maven / org.apache.tomcat.embed:tomcat-embed-core

Package

Name
org.apache.tomcat.embed:tomcat-embed-core
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat.embed/tomcat-embed-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.5.9
Fixed
5.5.27

Database specific

{
    "last_known_affected_version_range": "<= 5.5.26"
}

Maven / org.apache.tomcat.embed:tomcat-embed-core

Package

Name
org.apache.tomcat.embed:tomcat-embed-core
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat.embed/tomcat-embed-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.0.18

Database specific

{
    "last_known_affected_version_range": "<= 6.0.16"
}