CVE-2001-0829Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Apache Tomcat

CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)4 documents4 sources
Severity
5.1MEDIUMNVD
EPSS
1.0%
top 23.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Tomcat
Timeline
PublishedDec 6
Latest updateApr 30

Description

A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

NVDapache/tomcat3.2.1

Patches

Patch: jakarta.apache.orgPatch: www.securityfocus.comPatch: jakarta.apache.org

🔴Vulnerability Details

3
OSV
Apache Tomcat allows webmasters to insert xss into error messages2022-04-30
GHSA
Apache Tomcat allows webmasters to insert xss into error messages2022-04-30
CVEList
CVE-2001-0829: A cross-site scripting vulnerability in Apache Tomcat 32001-11-22
CVE-2001-0829 — Apache Tomcat vulnerability | cvebase