Apache Tomcat 7.0.x < 7.0.5 Cross-Site Scripting Vulnerability
Medium Log Correlation Engine Plugin ID 800614
SynopsisThe remote web server is affected by a cross-site scripting vulnerability.
DescriptionVersions of Tomcat 7.0.x earlier than 7.0.5 are potentially affected by a cross-site scripting vulnerability because the application uses the user supplied parameters 'sort' and 'orderBy' directly wihtout filtering.
SolutionUpgrade to Apache Tomcat 7.0.5 or later.