Re: Tomcat cross-site scripting vulnerability

2014-07-04 Thread carl
...@cisco.com] Sent: 04 July 2014 18:45 To: Tomcat Users List Subject: RE: Tomcat cross-site scripting vulnerability I think application needs to take care of CSRF. -Original Message- From: carl [mailto:c...@etrak-plus.com] Sent: Friday, July 04, 2014 6:43 PM To: users@tomcat.apache.org

RE: Tomcat cross-site scripting vulnerability

2014-07-04 Thread Vijendra Pachoriya
Users List Subject: RE: Tomcat cross-site scripting vulnerability I think application needs to take care of CSRF. -Original Message- From: carl [mailto:c...@etrak-plus.com] Sent: Friday, July 04, 2014 6:43 PM To: users@tomcat.apache.org Subject: Tomcat cross-site scripting vulnerability

Re: Tomcat cross-site scripting vulnerability

2014-07-04 Thread carl
On 7/4/2014 9:31 AM, Mark Thomas wrote: On 04/07/2014 14:12, carl wrote: Our latest PCI scan using the Saint scanner shows the following: 404 Error Page Cross Site Scripting Vulnerability 12/21/09 Apache Tomcat is prone to a cross-site scripting vulnerability because it fails to properly sani

Re: Tomcat cross-site scripting vulnerability

2014-07-04 Thread Mark Thomas
On 04/07/2014 14:12, carl wrote:
> Our latest PCI scan using the Saint scanner shows the following:
>
> 404 Error Page Cross Site Scripting Vulnerability
> 12/21/09
> Apache Tomcat is prone to a cross-site scripting vulnerability because
> it fails to properly sanitize user-supplied input.
> An at

RE: Tomcat cross-site scripting vulnerability

2014-07-04 Thread Radha Krishna Meduri -X (radmedur - HCL TECHNOLOGIES LIMITED at Cisco)
I think application needs to take care of CSRF. -Original Message- From: carl [mailto:c...@etrak-plus.com] Sent: Friday, July 04, 2014 6:43 PM To: users@tomcat.apache.org Subject: Tomcat cross-site scripting vulnerability Our latest PCI scan using the Saint scanner shows the following: