Apache Tomcat XSS vulnerabilities and exploits
VMScore: 383
CVE-2019-0221
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be...
Apache Tomcat
Apache Tomcat 9.0.0
3 Github repositories available
VMScore: 383
CVE-2018-8031
The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this...
Apache Tomee
VMScore: 686
CVE-2016-6816
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid...
Apache Tomcat 6.0.0
Apache Tomcat 6.0.1
Apache Tomcat 6.0.2
Apache Tomcat 6.0.3
Apache Tomcat 6.0.4
Apache Tomcat 6.0.5
Apache Tomcat 6.0.6
Apache Tomcat 6.0.7
Apache Tomcat 6.0.8
Apache Tomcat 6.0.9
Apache Tomcat 6.0.10
Apache Tomcat 6.0.11
Apache Tomcat 6.0.12
Apache Tomcat 6.0.13
Apache Tomcat 6.0.14
Apache Tomcat 6.0.15
Apache Tomcat 6.0.16
Apache Tomcat 6.0.17
Apache Tomcat 6.0.18
Apache Tomcat 6.0.19
Apache Tomcat 6.0.20
Apache Tomcat 6.0.21
Apache Tomcat 6.0.22
Apache Tomcat 6.0.23
Apache Tomcat 6.0.24
Apache Tomcat 6.0.25
Apache Tomcat 6.0.26
Apache Tomcat 6.0.27
Apache Tomcat 6.0.28
Apache Tomcat 6.0.29
Apache Tomcat 6.0.30
Apache Tomcat 6.0.31
Apache Tomcat 6.0.32
Apache Tomcat 6.0.33
Apache Tomcat 6.0.34
Apache Tomcat 6.0.35
Apache Tomcat 6.0.36
Apache Tomcat 6.0.37
Apache Tomcat 6.0.38
Apache Tomcat 6.0.39
Apache Tomcat 6.0.40
Apache Tomcat 6.0.41
Apache Tomcat 6.0.42
Apache Tomcat 6.0.43
Apache Tomcat 6.0.44
Apache Tomcat 6.0.45
Apache Tomcat 6.0.46
Apache Tomcat 6.0.47
Apache Tomcat 7.0.0
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.3
Apache Tomcat 7.0.4
Apache Tomcat 7.0.5
Apache Tomcat 7.0.6
Apache Tomcat 7.0.7
Apache Tomcat 7.0.8
Apache Tomcat 7.0.9
Apache Tomcat 7.0.10
Apache Tomcat 7.0.11
Apache Tomcat 7.0.12
Apache Tomcat 7.0.13
Apache Tomcat 7.0.14
Apache Tomcat 7.0.15
Apache Tomcat 7.0.16
Apache Tomcat 7.0.17
Apache Tomcat 7.0.18
Apache Tomcat 7.0.19
Apache Tomcat 7.0.20
Apache Tomcat 7.0.21
Apache Tomcat 7.0.22
Apache Tomcat 7.0.23
Apache Tomcat 7.0.24
Apache Tomcat 7.0.25
Apache Tomcat 7.0.26
Apache Tomcat 7.0.27
Apache Tomcat 7.0.28
Apache Tomcat 7.0.29
Apache Tomcat 7.0.30
Apache Tomcat 7.0.31
Apache Tomcat 7.0.32
Apache Tomcat 7.0.33
Apache Tomcat 7.0.34
Apache Tomcat 7.0.35
Apache Tomcat 7.0.36
Apache Tomcat 7.0.37
Apache Tomcat 7.0.38
Apache Tomcat 7.0.39
Apache Tomcat 7.0.40
Apache Tomcat 7.0.41
Apache Tomcat 7.0.42
Apache Tomcat 7.0.43
Apache Tomcat 7.0.44
Apache Tomcat 7.0.45
Apache Tomcat 7.0.46
Apache Tomcat 7.0.47
Apache Tomcat 7.0.48
Apache Tomcat 7.0.49
Apache Tomcat 7.0.50
Apache Tomcat 7.0.51
Apache Tomcat 7.0.52
Apache Tomcat 7.0.53
Apache Tomcat 7.0.54
Apache Tomcat 7.0.55
Apache Tomcat 7.0.56
Apache Tomcat 7.0.57
Apache Tomcat 7.0.58
Apache Tomcat 7.0.59
Apache Tomcat 7.0.60
Apache Tomcat 7.0.61
Apache Tomcat 7.0.62
Apache Tomcat 7.0.63
Apache Tomcat 7.0.64
Apache Tomcat 7.0.65
Apache Tomcat 7.0.66
Apache Tomcat 7.0.67
Apache Tomcat 7.0.68
Apache Tomcat 7.0.69
Apache Tomcat 7.0.70
Apache Tomcat 7.0.71
Apache Tomcat 7.0.72
Apache Tomcat 8.0.0
Apache Tomcat 8.0.1
Apache Tomcat 8.0.2
Apache Tomcat 8.0.3
Apache Tomcat 8.0.4
Apache Tomcat 8.0.5
Apache Tomcat 8.0.6
Apache Tomcat 8.0.7
Apache Tomcat 8.0.8
Apache Tomcat 8.0.9
Apache Tomcat 8.0.10
Apache Tomcat 8.0.11
Apache Tomcat 8.0.12
Apache Tomcat 8.0.13
Apache Tomcat 8.0.14
Apache Tomcat 8.0.15
Apache Tomcat 8.0.16
Apache Tomcat 8.0.17
Apache Tomcat 8.0.18
Apache Tomcat 8.0.19
Apache Tomcat 8.0.20
Apache Tomcat 8.0.21
Apache Tomcat 8.0.22
Apache Tomcat 8.0.23
Apache Tomcat 8.0.24
Apache Tomcat 8.0.25
Apache Tomcat 8.0.26
Apache Tomcat 8.0.27
Apache Tomcat 8.0.28
Apache Tomcat 8.0.29
Apache Tomcat 8.0.30
Apache Tomcat 8.0.31
Apache Tomcat 8.0.32
Apache Tomcat 8.0.33
Apache Tomcat 8.0.34
Apache Tomcat 8.0.35
Apache Tomcat 8.0.36
Apache Tomcat 8.0.37
Apache Tomcat 8.0.38
Apache Tomcat 8.5.0
Apache Tomcat 8.5.1
Apache Tomcat 8.5.2
Apache Tomcat 8.5.3
Apache Tomcat 8.5.4
Apache Tomcat 8.5.5
Apache Tomcat 8.5.6
Apache Tomcat 9.0.0
1 EDB exploit available
2 Github repositories available
VMScore: 383
CVE-2009-5120
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via...
Websense Websense Web Filter 7.0
Websense Websense Web Security 7.0
VMScore: 312
CVE-2011-1570
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030....
Liferay Liferay Portal
1 Github repository available
VMScore: 383
CVE-2011-0013
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag....
Apache Tomcat 7.0.0
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.3
Apache Tomcat 7.0.4
Apache Tomcat 7.0.5
Apache Tomcat 6.0
Apache Tomcat 6.0.0
Apache Tomcat 6.0.1
Apache Tomcat 6.0.2
Apache Tomcat 6.0.3
Apache Tomcat 6.0.4
Apache Tomcat 6.0.5
Apache Tomcat 6.0.6
Apache Tomcat 6.0.7
Apache Tomcat 6.0.8
Apache Tomcat 6.0.9
Apache Tomcat 6.0.10
Apache Tomcat 6.0.11
Apache Tomcat 6.0.12
Apache Tomcat 6.0.13
Apache Tomcat 6.0.14
Apache Tomcat 6.0.15
Apache Tomcat 6.0.16
Apache Tomcat 6.0.17
Apache Tomcat 6.0.18
Apache Tomcat 6.0.19
Apache Tomcat 6.0.20
Apache Tomcat 6.0.24
Apache Tomcat 6.0.26
Apache Tomcat 6.0.27
Apache Tomcat 6.0.28
Apache Tomcat 6.0.29
Apache Tomcat 5.5.0
Apache Tomcat 5.5.1
Apache Tomcat 5.5.2
Apache Tomcat 5.5.3
Apache Tomcat 5.5.4
Apache Tomcat 5.5.5
Apache Tomcat 5.5.6
Apache Tomcat 5.5.7
Apache Tomcat 5.5.8
Apache Tomcat 5.5.9
Apache Tomcat 5.5.10
Apache Tomcat 5.5.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.13
Apache Tomcat 5.5.14
Apache Tomcat 5.5.15
Apache Tomcat 5.5.16
Apache Tomcat 5.5.17
Apache Tomcat 5.5.18
Apache Tomcat 5.5.19
Apache Tomcat 5.5.20
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.23
Apache Tomcat 5.5.24
Apache Tomcat 5.5.25
Apache Tomcat 5.5.26
Apache Tomcat 5.5.27
Apache Tomcat 5.5.28
Apache Tomcat 5.5.29
Apache Tomcat 5.5.30
Apache Tomcat 5.5.31
VMScore: 435
CVE-2010-4172
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or...
Apache Tomcat 6.0.12
Apache Tomcat 6.0.13
Apache Tomcat 6.0.14
Apache Tomcat 6.0.15
Apache Tomcat 6.0.16
Apache Tomcat 6.0.17
Apache Tomcat 6.0.18
Apache Tomcat 6.0.19
Apache Tomcat 6.0.20
Apache Tomcat 6.0.24
Apache Tomcat 6.0.26
Apache Tomcat 6.0.27
Apache Tomcat 6.0.28
Apache Tomcat 6.0.29
Apache Tomcat 7.0.0
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.3
Apache Tomcat 7.0.4
1 EDB exploit available
VMScore: 383
CVE-2009-2696
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via...
Apache Tomcat
VMScore: 383
CVE-2009-0781
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the...
Apache Tomcat 4.1.0
Apache Tomcat 4.1.1
Apache Tomcat 4.1.2
Apache Tomcat 4.1.3
Apache Tomcat 4.1.4
Apache Tomcat 4.1.5
Apache Tomcat 4.1.6
Apache Tomcat 4.1.7
Apache Tomcat 4.1.8
Apache Tomcat 4.1.9
Apache Tomcat 4.1.10
Apache Tomcat 4.1.11
Apache Tomcat 4.1.12
Apache Tomcat 4.1.13
Apache Tomcat 4.1.14
Apache Tomcat 4.1.15
Apache Tomcat 4.1.16
Apache Tomcat 4.1.17
Apache Tomcat 4.1.18
Apache Tomcat 4.1.19
Apache Tomcat 4.1.20
Apache Tomcat 4.1.21
Apache Tomcat 4.1.22
Apache Tomcat 4.1.23
Apache Tomcat 4.1.24
Apache Tomcat 4.1.25
Apache Tomcat 4.1.26
Apache Tomcat 4.1.27
Apache Tomcat 4.1.28
Apache Tomcat 4.1.29
Apache Tomcat 4.1.30
Apache Tomcat 4.1.31
Apache Tomcat 4.1.32
Apache Tomcat 4.1.33
Apache Tomcat 4.1.34
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 4.1.37
Apache Tomcat 5.5.0
Apache Tomcat 5.5.1
Apache Tomcat 5.5.2
Apache Tomcat 5.5.3
Apache Tomcat 5.5.4
Apache Tomcat 5.5.5
Apache Tomcat 5.5.6
Apache Tomcat 5.5.7
Apache Tomcat 5.5.8
Apache Tomcat 5.5.9
Apache Tomcat 5.5.10
Apache Tomcat 5.5.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.13
Apache Tomcat 5.5.14
Apache Tomcat 5.5.15
Apache Tomcat 5.5.16
Apache Tomcat 5.5.17
Apache Tomcat 5.5.18
Apache Tomcat 5.5.19
Apache Tomcat 5.5.20
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.23
Apache Tomcat 5.5.24
Apache Tomcat 5.5.25
Apache Tomcat 5.5.26
Apache Tomcat 6.0
Apache Tomcat 6.0.0
Apache Tomcat 6.0.1
Apache Tomcat 6.0.2
Apache Tomcat 6.0.3
Apache Tomcat 6.0.4
Apache Tomcat 6.0.5
Apache Tomcat 6.0.6
Apache Tomcat 6.0.7
Apache Tomcat 6.0.8
Apache Tomcat 6.0.9
Apache Tomcat 6.0.10
Apache Tomcat 6.0.11
Apache Tomcat 6.0.12
Apache Tomcat 6.0.13
Apache Tomcat 6.0.14
Apache Tomcat 6.0.15
Apache Tomcat 6.0.16
VMScore: 435
CVE-2008-1232
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the...
Apache Tomcat 4.1.0
Apache Tomcat 4.1.1
Apache Tomcat 4.1.2
Apache Tomcat 4.1.3
Apache Tomcat 4.1.10
Apache Tomcat 4.1.12
Apache Tomcat 4.1.15
Apache Tomcat 4.1.24
Apache Tomcat 4.1.28
Apache Tomcat 4.1.31
Apache Tomcat 4.1.36
Apache Tomcat 5.5.0
Apache Tomcat 5.5.1
Apache Tomcat 5.5.2
Apache Tomcat 5.5.10
Apache Tomcat 5.5.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.13
Apache Tomcat 5.5.14
Apache Tomcat 5.5.15
Apache Tomcat 5.5.16
Apache Tomcat 5.5.17
Apache Tomcat 5.5.18
Apache Tomcat 5.5.19
Apache Tomcat 5.5.20
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.23
Apache Tomcat 5.5.24
Apache Tomcat 5.5.25
Apache Tomcat 6.0
Apache Tomcat 6.0.0
Apache Tomcat 6.0.1
Apache Tomcat 6.0.10
Apache Tomcat 6.0.11
Apache Tomcat 6.0.12
Apache Tomcat 6.0.13
Apache Tomcat 6.0.14
Apache Tomcat 6.0.15
Apache Software Foundation Tomcat 4.1
Apache Software Foundation Tomcat 4.1.32
Apache Software Foundation Tomcat 4.1.34
Apache Software Foundation Tomcat 4.1.37
Apache Software Foundation Tomcat 5.5.26
Apache Software Foundation Tomcat 6.0.16
1 EDB exploit available