CVE-2009-0781 (retired)

Priority
Description
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the
calendar application in the examples web application in Apache Tomcat 4.1.0
through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows
remote attackers to inject arbitrary web script or HTML via the time
parameter, related to "invalid HTML."
Notes
 mdeslaur> PoC: http://seclists.org/bugtraq/2009/Mar/0054.html
Package
Upstream:needs-triage
Patches:
Upstream:http://svn.apache.org/viewvc?view=rev&revision=750928
Package
Upstream:needs-triage
Patches:
Upstream:http://svn.apache.org/viewvc?view=rev&revision=750924
More Information

Updated: 2019-03-26 11:47:21 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)