- Home
- CVEs with nessus.description==According to its self-reported version number, the Apache Tomcat
instance listening on the remote host is prior to 6.0.6. It is,
therefore, affected by the following vulnerability :
- A cross-site scripting (XSS) vulnerability exists due
to improper validation of user-supplied input before
returning it to users. An unauthenticated, remote attacker
can exploit this, by convincing a user to click a specially
crafted URL, to execute arbitrary script code in a user's
browser session.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top