CVE-2007-3384Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Apache Tomcat

CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
6.4%
top 8.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Tomcat
Timeline
PublishedAug 8
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDapache/tomcat4 versions+3

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
OSV
Apache Tomcat's CookieExample Vulnerable to XSS2022-05-01
GHSA
Apache Tomcat's CookieExample Vulnerable to XSS2022-05-01
CVEList
CVE-2007-3384: Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 32007-08-08
CVE-2007-3384 — Apache Tomcat vulnerability | cvebase