CVE-2006-7196
Apache Tomcat 4.0.0-4.1.31 - Cross-Site Scripting via Calendar Time Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-7196. PoCs published by Tushar Vartak.
AI-analyzed exploit summary This is a writeup describing a cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.31. The vulnerability arises from insufficient input sanitization, allowing arbitrary script execution in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
Exploits (1)
This is a writeup describing a cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.31. The vulnerability arises from insufficient input sanitization, allowing arbitrary script execution in the context of the affected site.