Exploitation Summary
EIP tracks 1 public exploit for CVE-2026-50229. PoCs published by zero-trace7.
AI-analyzed exploit summary This repository contains a Python-based scanner for CVE-2026-50229, a reflected Cross-Site Scripting (XSS) vulnerability in Apache Tomcat's bundled examples web application (numguess.jsp). The tool tests multiple XSS payloads against vulnerable endpoints but does not execute malicious actions beyond detection.
Description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Other versions that have reached end of support may also be affected. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue.
Exploits (1)
This repository contains a Python-based scanner for CVE-2026-50229, a reflected Cross-Site Scripting (XSS) vulnerability in Apache Tomcat's bundled examples web application (numguess.jsp). The tool tests multiple XSS payloads against vulnerable endpoints but does not execute malicious actions beyond detection.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N