Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache Tomcat Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-0221 - Vulnerability Database
Apache Tomcat

Apache Tomcat Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-0221

Medium
Reference: CVE-2019-0221
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-0221
Title: Apache Tomcat Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is therefore vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.