Bug 2494688 (CVE-2026-50229)
| Summary: | CVE-2026-50229 tomcat: Apache Tomcat: Cross-Site Scripting vulnerability in number guess example | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | csutherl, dsoumis, jclere, jwon, pjindal, plodge, rhel-process-autobot, rmaucher, szappis, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Apache Tomcat. This vulnerability, known as Cross-Site Scripting (XSS), allows a remote attacker to inject malicious scripts into the 'number guess example' web page. When other users view the compromised page, these scripts can execute in their web browsers. This could lead to unauthorized access to sensitive information or allow an attacker to alter the content of the website.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2494711 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-06-29 21:02:49 UTC
|