CVE-2009-0781 — Cross-site Scripting in Apache Tomcat

CWE-79 — Cross-site Scripting10 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

37.3%

top 2.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedMar 9

Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat83 versions+82

🔴Vulnerability Details

GHSA

Cross-site scripting in Apache Tomcat↗2022-05-02

▶

OSV

Cross-site scripting in Apache Tomcat↗2022-05-02

▶

CVEList

CVE-2009-0781: Cross-site scripting (XSS) vulnerability in jsp/cal/cal2↗2009-03-09

▶

📋Vendor Advisories

Red Hat

tomcat: missing fix for CVE-2009-0781↗2010-08-02

▶

Ubuntu

Tomcat vulnerabilities↗2009-06-15

▶

Red Hat

tomcat: XSS in Apache Tomcat calendar application↗2009-03-06

▶

💬Community

Bugzilla

CVE-2009-2696 tomcat: missing fix for CVE-2009-0781↗2010-07-21

▶

Bugzilla

CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2008-5515 CVE-2009-0781 Multiple tomcat5 vulnerabilities [Fedora all]↗2009-11-09

▶

Bugzilla

CVE-2009-0781 tomcat: XSS in Apache Tomcat calendar application↗2009-03-06

▶