[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2007-3386":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":60,"duplicate_of":9,"upstream":61,"downstream":62,"duplicates":69,"related":70,"reserved_at":9,"published_at":71,"modified_at":72,"state":73,"summary":74,"references_raw":83,"kevs":232,"epss":233,"epss_history":236,"metrics":456,"affected":461},"CVE-2007-3386","Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":53,"platforms":54,"requires_auth":9,"exploitdb":56,"metasploit":9},"30495","Apache Tomcat 6.0.13 - Host Manager Servlet Cross-Site Scripting","exploit-database","https://www.exploit-db.com/exploits/30495","weaponized",0.8,true,"remote",[55],"multiple",{"verified":52,"type":53,"platform":55,"file":57,"codes":58},"exploits/multiple/remote/30495.html",[7,59],"OSVDB-36417",[],[],[63,65,67],{"_key":64},"RHSA-2007:0871",{"_key":66},"RHSA-2007:0876",{"_key":68},"DSA-1447-1",[],[],"2007-08-14T22:00:00.000Z","2024-08-07T14:14:13.015Z","Modified",{"cisa_kev":75,"cisa_ransomware":75,"cisa_vendor":9,"epss_severity":76,"epss_score":77,"severity":78,"severity_score":79,"severity_version":80,"severity_source":81,"severity_vector":82,"severity_status":73},false,"critical",0.73782,"medium",4.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:N/I:P/A:N",[84,91,97,103,108,113,118,123,127,133,137,141,145,150,155,159,164,168,172,177,183,188,192,198,202,206,210,214,219,223,227],{"url":85,"sources":86,"tags":88},"http://osvdb.org/36417",[87,81],"cve.org",[89,90],"VDB Entry","X Refsource OSVDB",{"url":92,"sources":93,"tags":94},"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html",[87,81],[95,96],"Vendor Advisory","X Refsource FEDORA",{"url":98,"sources":99,"tags":100},"http://secunia.com/advisories/27267",[87,81],[101,102],"Third Party Advisory","X Refsource SECUNIA",{"url":104,"sources":105,"tags":106},"http://www.vupen.com/english/advisories/2007/3527",[87,81],[89,107],"X Refsource VUPEN",{"url":109,"sources":110,"tags":111},"http://jvn.jp/jp/JVN%2359851336/index.html",[87,81],[101,112],"X Refsource JVN",{"url":114,"sources":115,"tags":116},"https://exchange.xforce.ibmcloud.com/vulnerabilities/36001",[87,81],[89,117],"X Refsource XF",{"url":119,"sources":120,"tags":121},"http://www.securityfocus.com/bid/25314",[87,81],[89,122],"X Refsource BID",{"url":124,"sources":125,"tags":126},"http://secunia.com/advisories/26465",[87,81],[101,102],{"url":128,"sources":129,"tags":130},"http://www.securityfocus.com/archive/1/500412/100/0/threaded",[87,81],[131,132],"Mailing List","X Refsource BUGTRAQ",{"url":134,"sources":135,"tags":136},"http://secunia.com/advisories/33668",[87,81],[101,102],{"url":138,"sources":139,"tags":140},"http://www.securityfocus.com/archive/1/500396/100/0/threaded",[87,81],[131,132],{"url":142,"sources":143,"tags":144},"http://secunia.com/advisories/26898",[87,81],[101,102],{"url":146,"sources":147,"tags":148},"http://securitytracker.com/id?1018558",[87,81],[89,149],"X Refsource SECTRACK",{"url":151,"sources":152,"tags":153},"http://securityreason.com/securityalert/3010",[87,81],[101,154],"X Refsource SREASON",{"url":156,"sources":157,"tags":158},"http://www.vupen.com/english/advisories/2007/2880",[87,81],[89,107],{"url":160,"sources":161,"tags":162},"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554",[87,81],[95,163],"X Refsource HP",{"url":165,"sources":166,"tags":167},"http://secunia.com/advisories/28317",[87,81],[101,102],{"url":169,"sources":170,"tags":171},"http://www.vupen.com/english/advisories/2009/0233",[87,81],[89,107],{"url":173,"sources":174,"tags":175},"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html",[87,81],[95,176],"X Refsource SUSE",{"url":178,"sources":179,"tags":180},"http://tomcat.apache.org/security-6.html",[87,81],[181,182],"X Refsource CONFIRM","Patch",{"url":184,"sources":185,"tags":186},"http://www.redhat.com/support/errata/RHSA-2007-0871.html",[87,81],[95,187],"X Refsource REDHAT",{"url":189,"sources":190,"tags":191},"http://www.vupen.com/english/advisories/2007/3386",[87,81],[89,107],{"url":193,"sources":194,"tags":195},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10077",[87,81],[89,196,197],"Signature","X Refsource OVAL",{"url":199,"sources":200,"tags":201},"http://www.securityfocus.com/archive/1/476448/100/0/threaded",[87,81],[131,132],{"url":203,"sources":204,"tags":205},"http://secunia.com/advisories/27037",[87,81],[101,102],{"url":207,"sources":208,"tags":209},"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795",[87,81],[95,163],{"url":211,"sources":212,"tags":213},"http://secunia.com/advisories/27727",[87,81],[101,102],{"url":215,"sources":216,"tags":217},"http://www.debian.org/security/2008/dsa-1447",[87,81],[95,218],"X Refsource DEBIAN",{"url":220,"sources":221,"tags":222},"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",[87,81],[181],{"url":224,"sources":225,"tags":226},"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",[87,81],[181],{"url":228,"sources":229,"tags":230},"http://www.mandriva.com/security/advisories?name=MDKSA-2007:241",[87,81],[95,231],"X Refsource MANDRIVA",[],{"date":234,"score":77,"percentile":235},"2026-06-04",0.98837,[237,241,244,246,249,251,253,255,258,260,263,265,267,269,271,274,277,280,282,285,287,289,291,293,295,297,299,301,305,308,311,314,316,318,321,323,326,329,331,334,337,339,341,343,346,349,351,353,356,358,361,364,367,369,372,374,376,378,380,383,386,388,391,393,395,397,399,402,405,407,409,411,414,416,418,421,424,426,428,431,433,435,437,439,441,443,446,448,450,453],{"date":238,"score":239,"percentile":240},"2025-11-04",0.69672,0.98587,{"date":242,"score":239,"percentile":243},"2025-11-05",0.98585,{"date":245,"score":239,"percentile":243},"2025-11-06",{"date":247,"score":239,"percentile":248},"2025-11-07",0.98583,{"date":250,"score":239,"percentile":248},"2025-11-08",{"date":252,"score":239,"percentile":248},"2025-11-09",{"date":254,"score":239,"percentile":248},"2025-11-10",{"date":256,"score":239,"percentile":257},"2025-11-11",0.98584,{"date":259,"score":239,"percentile":243},"2025-11-12",{"date":261,"score":239,"percentile":262},"2025-11-13",0.98586,{"date":264,"score":239,"percentile":262},"2025-11-14",{"date":266,"score":239,"percentile":243},"2025-11-15",{"date":268,"score":239,"percentile":262},"2025-11-16",{"date":270,"score":239,"percentile":240},"2025-11-17",{"date":272,"score":239,"percentile":273},"2025-11-18",0.98698,{"date":275,"score":239,"percentile":276},"2025-11-19",0.98699,{"date":278,"score":239,"percentile":279},"2025-11-20",0.987,{"date":281,"score":239,"percentile":257},"2025-11-21",{"date":283,"score":239,"percentile":284},"2025-11-22",0.98582,{"date":286,"score":239,"percentile":284},"2025-11-23",{"date":288,"score":239,"percentile":284},"2025-11-24",{"date":290,"score":239,"percentile":257},"2025-11-25",{"date":292,"score":239,"percentile":248},"2025-11-26",{"date":294,"score":239,"percentile":257},"2025-11-27",{"date":296,"score":239,"percentile":248},"2025-11-28",{"date":298,"score":239,"percentile":257},"2025-11-29",{"date":300,"score":239,"percentile":248},"2025-11-30",{"date":302,"score":303,"percentile":304},"2025-12-01",0.69959,0.98607,{"date":306,"score":303,"percentile":307},"2025-12-02",0.98608,{"date":309,"score":303,"percentile":310},"2025-12-03",0.9861,{"date":312,"score":303,"percentile":313},"2025-12-04",0.98595,{"date":315,"score":303,"percentile":313},"2025-12-05",{"date":317,"score":303,"percentile":313},"2025-12-06",{"date":319,"score":303,"percentile":320},"2025-12-07",0.98596,{"date":322,"score":303,"percentile":320},"2025-12-08",{"date":324,"score":303,"percentile":325},"2025-12-09",0.98597,{"date":327,"score":303,"percentile":328},"2025-12-10",0.98598,{"date":330,"score":303,"percentile":328},"2025-12-11",{"date":332,"score":303,"percentile":333},"2025-12-12",0.986,{"date":335,"score":303,"percentile":336},"2025-12-13",0.98599,{"date":338,"score":303,"percentile":336},"2025-12-14",{"date":340,"score":303,"percentile":336},"2025-12-15",{"date":342,"score":303,"percentile":333},"2025-12-16",{"date":344,"score":303,"percentile":345},"2025-12-17",0.98601,{"date":347,"score":303,"percentile":348},"2025-12-18",0.98602,{"date":350,"score":303,"percentile":348},"2025-12-19",{"date":352,"score":303,"percentile":348},"2025-12-20",{"date":354,"score":303,"percentile":355},"2025-12-21",0.98603,{"date":357,"score":303,"percentile":355},"2025-12-22",{"date":359,"score":303,"percentile":360},"2025-12-23",0.98604,{"date":362,"score":303,"percentile":363},"2025-12-24",0.98605,{"date":365,"score":303,"percentile":366},"2025-12-25",0.98606,{"date":368,"score":303,"percentile":366},"2025-12-26",{"date":370,"score":303,"percentile":371},"2025-12-27",0.9862,{"date":373,"score":303,"percentile":304},"2025-12-28",{"date":375,"score":303,"percentile":307},"2025-12-29",{"date":377,"score":303,"percentile":304},"2025-12-30",{"date":379,"score":303,"percentile":307},"2025-12-31",{"date":381,"score":303,"percentile":382},"2026-01-01",0.98622,{"date":384,"score":303,"percentile":385},"2026-01-02",0.98621,{"date":387,"score":303,"percentile":371},"2026-01-03",{"date":389,"score":303,"percentile":390},"2026-01-04",0.98609,{"date":392,"score":303,"percentile":307},"2026-01-05",{"date":394,"score":303,"percentile":390},"2026-01-06",{"date":396,"score":303,"percentile":310},"2026-01-07",{"date":398,"score":303,"percentile":310},"2026-01-08",{"date":400,"score":303,"percentile":401},"2026-01-09",0.98612,{"date":403,"score":303,"percentile":404},"2026-01-10",0.98613,{"date":406,"score":303,"percentile":401},"2026-01-11",{"date":408,"score":303,"percentile":401},"2026-01-12",{"date":410,"score":303,"percentile":401},"2026-01-13",{"date":412,"score":303,"percentile":413},"2026-01-14",0.98615,{"date":415,"score":303,"percentile":413},"2026-01-15",{"date":417,"score":303,"percentile":413},"2026-01-16",{"date":419,"score":303,"percentile":420},"2026-01-17",0.98616,{"date":422,"score":303,"percentile":423},"2026-01-18",0.98617,{"date":425,"score":303,"percentile":423},"2026-01-19",{"date":427,"score":303,"percentile":423},"2026-01-20",{"date":429,"score":303,"percentile":430},"2026-01-21",0.98618,{"date":432,"score":303,"percentile":371},"2026-01-22",{"date":434,"score":303,"percentile":385},"2026-01-23",{"date":436,"score":303,"percentile":385},"2026-01-24",{"date":438,"score":303,"percentile":385},"2026-01-25",{"date":440,"score":303,"percentile":382},"2026-01-26",{"date":442,"score":303,"percentile":382},"2026-01-27",{"date":444,"score":303,"percentile":445},"2026-01-28",0.98624,{"date":447,"score":303,"percentile":445},"2026-01-29",{"date":449,"score":303,"percentile":445},"2026-01-30",{"date":451,"score":303,"percentile":452},"2026-01-31",0.98623,{"date":454,"score":303,"percentile":455},"2026-02-01",0.98634,[457],{"source":81,"cvss_v2_0":458,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":79,"baseSeverity":9,"vectorString":82,"impactScore":459,"exploitabilityScore":460},2.9,8.6,[462],{"ecosystem":9,"name":463,"vendor":9,"product":463,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":464},"Tomcat",[465,468,470,472,474,476,478,480,482,484,486,488,490,492,494,496,498,500,502,504,506,508,510,512,514,516,518,520,522,524,526,528,530,532,534,536,538,540,542],{"version":466,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.0","cpe",{"version":469,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.1",{"version":471,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.2",{"version":473,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.3",{"version":475,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.4",{"version":477,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.5",{"version":479,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.6",{"version":481,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.7",{"version":483,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.8",{"version":485,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.9",{"version":487,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.10",{"version":489,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.11",{"version":491,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.12",{"version":493,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.13",{"version":495,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.14",{"version":497,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.15",{"version":499,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.16",{"version":501,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.17",{"version":503,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.18",{"version":505,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.19",{"version":507,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.20",{"version":509,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.21",{"version":511,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.22",{"version":513,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.23",{"version":515,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.24",{"version":517,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.0",{"version":519,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.1",{"version":521,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.2",{"version":523,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.3",{"version":525,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.4",{"version":527,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.5",{"version":529,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.6",{"version":531,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.7",{"version":533,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.8",{"version":535,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.9",{"version":537,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.10",{"version":539,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.11",{"version":541,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.12",{"version":543,"is_range":75,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.13"]