Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
2007-05-21T20:30:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apache | tomcat | 4.0.0 | Yes |
| Application | apache | tomcat | 4.0.1 | Yes |
| Application | apache | tomcat | 4.0.2 | Yes |
| Application | apache | tomcat | 4.0.3 | Yes |
| Application | apache | tomcat | 4.0.4 | Yes |
| Application | apache | tomcat | 4.0.5 | Yes |
| Application | apache | tomcat | 4.0.6 | Yes |
| Application | apache | tomcat | 4.1.10 | Yes |
| Application | apache | tomcat | 4.1.15 | Yes |
| Application | apache | tomcat | 4.1.24 | Yes |
| Application | apache | tomcat | 4.1.28 | Yes |
| Application | apache | tomcat | 4.1.31 | Yes |
| Application | apache | tomcat | 5.0.1 | Yes |
| Application | apache | tomcat | 5.0.2 | Yes |
| Application | apache | tomcat | 5.0.3 | Yes |
| Application | apache | tomcat | 5.0.4 | Yes |
| Application | apache | tomcat | 5.0.5 | Yes |
| Application | apache | tomcat | 5.0.6 | Yes |
| Application | apache | tomcat | 5.0.7 | Yes |
| Application | apache | tomcat | 5.0.8 | Yes |
| Application | apache | tomcat | 5.0.9 | Yes |
| Application | apache | tomcat | 5.0.10 | Yes |
| Application | apache | tomcat | 5.0.11 | Yes |
| Application | apache | tomcat | 5.0.12 | Yes |
| Application | apache | tomcat | 5.0.13 | Yes |
| Application | apache | tomcat | 5.0.14 | Yes |
| Application | apache | tomcat | 5.0.15 | Yes |
| Application | apache | tomcat | 5.0.16 | Yes |
| Application | apache | tomcat | 5.0.17 | Yes |
| Application | apache | tomcat | 5.0.18 | Yes |
| Application | apache | tomcat | 5.0.19 | Yes |
| Application | apache | tomcat | 5.0.21 | Yes |
| Application | apache | tomcat | 5.0.22 | Yes |
| Application | apache | tomcat | 5.0.23 | Yes |
| Application | apache | tomcat | 5.0.24 | Yes |
| Application | apache | tomcat | 5.0.25 | Yes |
| Application | apache | tomcat | 5.0.26 | Yes |
| Application | apache | tomcat | 5.0.27 | Yes |
| Application | apache | tomcat | 5.0.28 | Yes |
| Application | apache | tomcat | 5.0.29 | Yes |
| Application | apache | tomcat | 5.0.30 | Yes |
| Application | apache | tomcat | 6.0.0 | Yes |
| Application | apache | tomcat | 6.0.1 | Yes |
| Application | apache | tomcat | 6.0.2 | Yes |
| Application | apache | tomcat | 6.0.3 | Yes |
| Application | apache | tomcat | 6.0.4 | Yes |
| Application | apache | tomcat | 6.0.5 | Yes |
| Application | apache | tomcat | 6.0.6 | Yes |
| Application | apache | tomcat | 6.0.7 | Yes |
| Application | apache | tomcat | 6.0.8 | Yes |
| Application | apache | tomcat | 6.0.9 | Yes |
| Application | apache | tomcat | 6.0.10 | Yes |