icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Apache Tomcat 7.0.x < 7.0.5 Cross-Site Scripting Vulnerability

Medium

Synopsis

The remote web server is affected by a cross-site scripting vulnerability.

Description

Versions of Tomcat 7.0.x earlier than 7.0.5 are potentially affected by a cross-site scripting vulnerability because the application uses the user supplied parameters 'sort' and 'orderBy' directly wihtout filtering.

Solution

Upgrade to Apache Tomcat 7.0.5 or later.