Apache Tomcat XSS Vulnerability
Moderate severity
GitHub Reviewed
Published
Apr 30, 2022
to the GitHub Advisory Database
•
Updated Feb 12, 2024
Package
Affected versions
>= 4.1.0, < 4.1.29
Patched versions
4.1.29
Description
Published by the National Vulnerability Database
Oct 6, 2003
Published to the GitHub Advisory Database
Apr 30, 2022
Reviewed
Feb 12, 2024
Last updated
Feb 12, 2024
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
References