Page 3 of 15 results (0.008 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp. • https://www.exploit-db.com/exploits/23262 http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012361.html http://secunia.com/advisories/10031 http://www.securityfocus.com/bid/8852 https://exchange.xforce.ibmcloud.com/vulnerabilities/13460 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet. • http://online.securityfocus.com/archive/1/278747 http://www.iss.net/security_center/static/9419.php http://www.securityfocus.com/bid/5095 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp. • http://seclists.org/bugtraq/2002/Jul/0186.html http://www.securityfocus.com/bid/5252 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp. • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0108.html •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources. • http://online.securityfocus.com/archive/1/277232 http://www.iss.net/security_center/static/9352.php http://www.securityfocus.com/bid/5032 •