GHSA-pm78-wxxf-fw98

Suggest an improvement
Source
https://github.com/advisories/GHSA-pm78-wxxf-fw98
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pm78-wxxf-fw98/GHSA-pm78-wxxf-fw98.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-pm78-wxxf-fw98
Aliases
  • CVE-2006-7196
Published
2022-05-01T07:45:38Z
Modified
2023-11-01T04:43:29.026861Z
Summary
Cross-site scripting in Apache Tomcat
Details

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.

Database specific
{
    "nvd_published_at": "2007-05-10T00:19:00Z",
    "github_reviewed_at": "2023-02-14T00:59:29Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.0.7

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1.0
Fixed
4.1.32

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.0
Fixed
5.0.31

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.5.16