GHSA-86fp-jgwm-wgj5, CVE-2002-1567
maven/org.apache.tomcat/tomcat
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
All versions starting from 4.1.0 before 4.1.29
Upgrade to version 4.1.29 or above.
2024-02-13
source |