GHSA-j788-fx57-99wp

Source

https://github.com/advisories/GHSA-j788-fx57-99wp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j788-fx57-99wp/GHSA-j788-fx57-99wp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-j788-fx57-99wp

Aliases

CVE-2009-0781

Published

2022-05-02T03:18:14Z

Modified

2023-11-08T03:56:52.905270Z

Summary

Cross-site scripting in Apache Tomcat

Details

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

Database specific

{
    "nvd_published_at": "2009-03-09T21:30:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-17T21:55:58Z"
}

References

Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Last affected

4.1.39

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.5.0

Last affected

5.5.27

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

6.0.20

Database specific

{
    "last_known_affected_version_range": "<= 6.0.18"
}