NA
CVSSv3

CVE-2006-7196

CVSSv4: NA | CVSSv3: NA | CVSSv2: 4.3 | VMScore: 530 | EPSS: 0.76559 | KEV: Not Included
Published: 10/05/2007 Updated: 09/04/2025

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 up to and including 4.0.6, 4.1.0 up to and including 4.1.31, 5.0.0 up to and including 5.0.30, and 5.5.0 up to and including 5.5.15 allows remote malicious users to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat

apache tomcat 4.0.0

apache tomcat 4.0.1

apache tomcat 4.0.2

apache tomcat 4.0.3

apache tomcat 4.0.4

apache tomcat 4.0.5

apache tomcat 4.0.6

apache tomcat 5.0.0

apache tomcat 5.0.1

apache tomcat 5.0.2

apache tomcat 5.0.3

apache tomcat 5.0.4

apache tomcat 5.0.5

apache tomcat 5.0.6

apache tomcat 5.0.7

apache tomcat 5.0.8

apache tomcat 5.0.9

apache tomcat 5.0.10

apache tomcat 5.0.11

apache tomcat 5.0.12

apache tomcat 5.0.13

apache tomcat 5.0.14

apache tomcat 5.0.15

apache tomcat 5.0.16

apache tomcat 5.0.17

apache tomcat 5.0.18

apache tomcat 5.0.19

apache tomcat 5.0.21

apache tomcat 5.0.22

apache tomcat 5.0.23

apache tomcat 5.0.24

apache tomcat 5.0.25

apache tomcat 5.0.26

apache tomcat 5.0.27

apache tomcat 5.0.28

apache tomcat 5.0.29

apache tomcat 5.0.30

apache tomcat 5.5.0

apache tomcat 5.5.1

apache tomcat 5.5.2

apache tomcat 5.5.3

apache tomcat 5.5.4

apache tomcat 5.5.5

apache tomcat 5.5.6

apache tomcat 5.5.7

apache tomcat 5.5.8

apache tomcat 5.5.9

apache tomcat 5.5.10

apache tomcat 5.5.11

apache tomcat 5.5.12

apache tomcat 5.5.13

apache tomcat 5.5.14

apache tomcat 5.5.15

Exploits

source: wwwsecurityfocuscom/bid/25531/info Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may help th ...

References

CWE-79https://nvd.nist.govhttps://www.exploit-db.com/exploits/30563/https://www.first.org/epsshttp://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspxhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://osvdb.org/34888http://secunia.com/advisories/29242http://secunia.com/advisories/33668http://support.avaya.com/elmodocs2/security/ASA-2007-206.htmhttp://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540http://tomcat.apache.org/security-4.htmlhttp://tomcat.apache.org/security-5.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0261.htmlhttp://www.securityfocus.com/archive/1/478491/100/0/threadedhttp://www.securityfocus.com/archive/1/478609/100/0/threadedhttp://www.securityfocus.com/archive/1/500396/100/0/threadedhttp://www.securityfocus.com/archive/1/500412/100/0/threadedhttp://www.securityfocus.com/bid/25531http://www.vupen.com/english/advisories/2007/1729http://www.vupen.com/english/advisories/2009/0233https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3Ehttp://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspxhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://osvdb.org/34888http://secunia.com/advisories/29242http://secunia.com/advisories/33668http://support.avaya.com/elmodocs2/security/ASA-2007-206.htmhttp://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540http://tomcat.apache.org/security-4.htmlhttp://tomcat.apache.org/security-5.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0261.htmlhttp://www.securityfocus.com/archive/1/478491/100/0/threadedhttp://www.securityfocus.com/archive/1/478609/100/0/threadedhttp://www.securityfocus.com/archive/1/500396/100/0/threadedhttp://www.securityfocus.com/archive/1/500412/100/0/threadedhttp://www.securityfocus.com/bid/25531http://www.vupen.com/english/advisories/2007/1729http://www.vupen.com/english/advisories/2009/0233https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E