Tomcat Sample App hello.jsp 'test' Parameter XSS
Medium Nessus Plugin ID 25289
Synopsis
The remote web server contains a JSP application that is affected by a cross-site scripting vulnerability.

Description
The remote web server includes an example JSP application that fails to sanitize user-supplied input before using it to generate dynamic content in an error page. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.

Solution
Undeploy the Tomcat documentation web application.