Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-7196 — Cross-site Scripting in Apache Tomcat

CWE-79 — Cross-site Scripting10 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
79.9%
top 0.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Tomcat
Timeline
PublishedMay 10
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

â–¶NVDapache/tomcat4.1.31+53

🔴Vulnerability Details

3
GHSA
Cross-site scripting in Apache Tomcat↗2022-05-01
â–¶
OSV
Cross-site scripting in Apache Tomcat↗2022-05-01
â–¶
CVEList
CVE-2006-7196: Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4↗2007-05-09
â–¶

💥Exploits & PoCs

1
Exploit-DB
Apache Tomcat 5.5.15 - cal2.jsp Cross-Site Scripting↗2007-09-04
â–¶

📋Vendor Advisories

1
Red Hat
tomcat XSS in example webapps↗2007-04-26
â–¶

💬Community

4
Bugzilla
A number of tomcat issues↗2007-05-09
â–¶
Bugzilla
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)↗2007-04-30
â–¶
Bugzilla
CVE-2006-7196 tomcat XSS in example webapps↗2007-04-27
â–¶
Bugzilla
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835)↗2007-04-19
â–¶
CVE-2006-7196 — Cross-site Scripting in Apache Tomcat | cvebase