CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-4172

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.299

EPSS Ranking 96.4%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2010-4172

Apache » Tomcat » Version: 6.0.12

cpe:2.3:a:apache:tomcat:6.0.12
Apache » Tomcat » Version: 6.0.13

cpe:2.3:a:apache:tomcat:6.0.13
Apache » Tomcat » Version: 6.0.14

cpe:2.3:a:apache:tomcat:6.0.14
Apache » Tomcat » Version: 6.0.15

cpe:2.3:a:apache:tomcat:6.0.15
Apache » Tomcat » Version: 6.0.16

cpe:2.3:a:apache:tomcat:6.0.16
Apache » Tomcat » Version: 6.0.17

cpe:2.3:a:apache:tomcat:6.0.17
Apache » Tomcat » Version: 6.0.18

cpe:2.3:a:apache:tomcat:6.0.18
Apache » Tomcat » Version: 6.0.19

cpe:2.3:a:apache:tomcat:6.0.19
Apache » Tomcat » Version: 6.0.20

cpe:2.3:a:apache:tomcat:6.0.20
Apache » Tomcat » Version: 6.0.24

cpe:2.3:a:apache:tomcat:6.0.24
Apache » Tomcat » Version: 6.0.26

cpe:2.3:a:apache:tomcat:6.0.26
Apache » Tomcat » Version: 6.0.27

cpe:2.3:a:apache:tomcat:6.0.27
Apache » Tomcat » Version: 6.0.28

cpe:2.3:a:apache:tomcat:6.0.28
Apache » Tomcat » Version: 6.0.29

cpe:2.3:a:apache:tomcat:6.0.29
Apache » Tomcat » Version: 7.0.0

cpe:2.3:a:apache:tomcat:7.0.0
Apache » Tomcat » Version: 7.0.1

cpe:2.3:a:apache:tomcat:7.0.1
Apache » Tomcat » Version: 7.0.2

cpe:2.3:a:apache:tomcat:7.0.2
Apache » Tomcat » Version: 7.0.3

cpe:2.3:a:apache:tomcat:7.0.3
Apache » Tomcat » Version: 7.0.4

cpe:2.3:a:apache:tomcat:7.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-4172

Products

Pricing

Contact Us