CVE-2007-3386 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2007-3386 Interim 1 5 2023-12-09T02:14:09Z current 2021-05-30T12:39:19Z 2023-12-09T02:14:09Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2007-3386 Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N/#BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N E-Mail link for SUSE-SR:2009:004 https://www.suse.com/support/security/rating/ SUSE Security Ratings Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. CVE-2007-3386 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N