[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2009-2696":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":46,"downstream":47,"duplicates":50,"related":51,"reserved_at":9,"published_at":52,"modified_at":53,"state":54,"summary":55,"references_raw":64,"kevs":90,"epss":91,"epss_history":94,"metrics":349,"affected":354},"CVE-2009-2696","Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to \"invalid HTML.\" NOTE: this is due to a missing fix for CVE-2009-0781.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[],[],[48],{"_key":49},"RHSA-2010:0580",[],[],"2010-08-05T18:00:00.000Z","2024-08-07T05:59:57.012Z","Modified",{"cisa_kev":56,"cisa_ransomware":56,"cisa_vendor":9,"epss_severity":57,"epss_score":58,"severity":59,"severity_score":60,"severity_version":61,"severity_source":62,"severity_vector":63,"severity_status":54},false,"low",0.00882,"medium",4.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:N/I:P/A:N",[65,72,78,84],{"url":66,"sources":67,"tags":69},"https://bugzilla.redhat.com/show_bug.cgi?id=616717",[68,62],"cve.org",[70,71],"X Refsource CONFIRM","Issue Tracking",{"url":73,"sources":74,"tags":75},"http://www.vupen.com/english/advisories/2010/1986",[68,62],[76,77],"VDB Entry","X Refsource VUPEN",{"url":79,"sources":80,"tags":81},"http://www.redhat.com/support/errata/RHSA-2010-0580.html",[68,62],[82,83],"Vendor Advisory","X Refsource REDHAT",{"url":85,"sources":86,"tags":87},"http://secunia.com/advisories/40813",[68,62],[88,89,82],"Third Party Advisory","X Refsource SECUNIA",[],{"date":92,"score":58,"percentile":93},"2026-06-04",0.7574,[95,98,101,104,107,110,113,116,119,121,124,127,130,133,136,139,142,145,148,151,154,156,158,160,162,165,168,170,173,176,179,182,184,187,189,191,194,197,200,203,206,209,211,214,217,220,223,226,229,232,234,237,240,243,247,250,253,256,259,262,265,268,271,274,277,280,283,286,289,292,294,297,299,302,305,308,311,314,316,319,321,324,327,330,333,336,338,341,344,346],{"date":96,"score":58,"percentile":97},"2025-11-04",0.74635,{"date":99,"score":58,"percentile":100},"2025-11-05",0.74626,{"date":102,"score":58,"percentile":103},"2025-11-06",0.74625,{"date":105,"score":58,"percentile":106},"2025-11-07",0.74642,{"date":108,"score":58,"percentile":109},"2025-11-08",0.74641,{"date":111,"score":58,"percentile":112},"2025-11-09",0.74636,{"date":114,"score":58,"percentile":115},"2025-11-10",0.74621,{"date":117,"score":58,"percentile":118},"2025-11-11",0.74623,{"date":120,"score":58,"percentile":109},"2025-11-12",{"date":122,"score":58,"percentile":123},"2025-11-13",0.74648,{"date":125,"score":58,"percentile":126},"2025-11-14",0.74653,{"date":128,"score":58,"percentile":129},"2025-11-15",0.7465,{"date":131,"score":58,"percentile":132},"2025-11-16",0.74649,{"date":134,"score":58,"percentile":135},"2025-11-17",0.74639,{"date":137,"score":58,"percentile":138},"2025-11-18",0.7338,{"date":140,"score":58,"percentile":141},"2025-11-19",0.73388,{"date":143,"score":58,"percentile":144},"2025-11-20",0.73397,{"date":146,"score":58,"percentile":147},"2025-11-21",0.74665,{"date":149,"score":58,"percentile":150},"2025-11-22",0.74657,{"date":152,"score":58,"percentile":153},"2025-11-23",0.74644,{"date":155,"score":58,"percentile":135},"2025-11-24",{"date":157,"score":58,"percentile":109},"2025-11-25",{"date":159,"score":58,"percentile":123},"2025-11-26",{"date":161,"score":58,"percentile":129},"2025-11-27",{"date":163,"score":58,"percentile":164},"2025-11-28",0.74638,{"date":166,"score":58,"percentile":167},"2025-11-29",0.74637,{"date":169,"score":58,"percentile":167},"2025-11-30",{"date":171,"score":58,"percentile":172},"2025-12-01",0.74768,{"date":174,"score":58,"percentile":175},"2025-12-02",0.74776,{"date":177,"score":58,"percentile":178},"2025-12-03",0.74766,{"date":180,"score":58,"percentile":181},"2025-12-04",0.74634,{"date":183,"score":58,"percentile":153},"2025-12-05",{"date":185,"score":58,"percentile":186},"2025-12-06",0.74647,{"date":188,"score":58,"percentile":153},"2025-12-07",{"date":190,"score":58,"percentile":186},"2025-12-08",{"date":192,"score":58,"percentile":193},"2025-12-09",0.74678,{"date":195,"score":58,"percentile":196},"2025-12-10",0.74704,{"date":198,"score":58,"percentile":199},"2025-12-11",0.7472,{"date":201,"score":58,"percentile":202},"2025-12-12",0.74742,{"date":204,"score":58,"percentile":205},"2025-12-13",0.74751,{"date":207,"score":58,"percentile":208},"2025-12-14",0.74748,{"date":210,"score":58,"percentile":205},"2025-12-15",{"date":212,"score":58,"percentile":213},"2025-12-16",0.74763,{"date":215,"score":58,"percentile":216},"2025-12-17",0.74773,{"date":218,"score":58,"percentile":219},"2025-12-18",0.74795,{"date":221,"score":58,"percentile":222},"2025-12-19",0.74813,{"date":224,"score":58,"percentile":225},"2025-12-20",0.74808,{"date":227,"score":58,"percentile":228},"2025-12-21",0.74801,{"date":230,"score":58,"percentile":231},"2025-12-22",0.748,{"date":233,"score":58,"percentile":219},"2025-12-23",{"date":235,"score":58,"percentile":236},"2025-12-24",0.74805,{"date":238,"score":58,"percentile":239},"2025-12-25",0.7483,{"date":241,"score":58,"percentile":242},"2025-12-26",0.74828,{"date":244,"score":245,"percentile":246},"2025-12-27",0.01009,0.76601,{"date":248,"score":58,"percentile":249},"2025-12-28",0.74809,{"date":251,"score":58,"percentile":252},"2025-12-29",0.74806,{"date":254,"score":58,"percentile":255},"2025-12-30",0.74822,{"date":257,"score":58,"percentile":258},"2025-12-31",0.74842,{"date":260,"score":58,"percentile":261},"2026-01-01",0.74988,{"date":263,"score":58,"percentile":264},"2026-01-02",0.74991,{"date":266,"score":58,"percentile":267},"2026-01-03",0.7499,{"date":269,"score":58,"percentile":270},"2026-01-04",0.74853,{"date":272,"score":58,"percentile":273},"2026-01-05",0.74847,{"date":275,"score":58,"percentile":276},"2026-01-06",0.7486,{"date":278,"score":58,"percentile":279},"2026-01-07",0.7487,{"date":281,"score":58,"percentile":282},"2026-01-08",0.74884,{"date":284,"score":58,"percentile":285},"2026-01-09",0.74888,{"date":287,"score":58,"percentile":288},"2026-01-10",0.74886,{"date":290,"score":58,"percentile":291},"2026-01-11",0.74874,{"date":293,"score":58,"percentile":276},"2026-01-12",{"date":295,"score":58,"percentile":296},"2026-01-13",0.74859,{"date":298,"score":58,"percentile":288},"2026-01-14",{"date":300,"score":58,"percentile":301},"2026-01-15",0.74895,{"date":303,"score":58,"percentile":304},"2026-01-16",0.74909,{"date":306,"score":58,"percentile":307},"2026-01-17",0.74907,{"date":309,"score":58,"percentile":310},"2026-01-18",0.74889,{"date":312,"score":58,"percentile":313},"2026-01-19",0.7488,{"date":315,"score":58,"percentile":282},"2026-01-20",{"date":317,"score":58,"percentile":318},"2026-01-21",0.7489,{"date":320,"score":58,"percentile":301},"2026-01-22",{"date":322,"score":58,"percentile":323},"2026-01-23",0.74922,{"date":325,"score":58,"percentile":326},"2026-01-24",0.7493,{"date":328,"score":58,"percentile":329},"2026-01-25",0.74915,{"date":331,"score":58,"percentile":332},"2026-01-26",0.74914,{"date":334,"score":58,"percentile":335},"2026-01-27",0.74923,{"date":337,"score":58,"percentile":326},"2026-01-28",{"date":339,"score":58,"percentile":340},"2026-01-29",0.74927,{"date":342,"score":58,"percentile":343},"2026-01-30",0.74928,{"date":345,"score":58,"percentile":326},"2026-01-31",{"date":347,"score":58,"percentile":348},"2026-02-01",0.7505,[350],{"source":62,"cvss_v2_0":351,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":60,"baseSeverity":9,"vectorString":63,"impactScore":352,"exploitabilityScore":353},2.9,8.6,[355],{"ecosystem":9,"name":356,"vendor":9,"product":356,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":357},"Tomcat",[358],{"version":359,"is_range":360,"range_type":361,"version_start":9,"version_start_type":9,"version_end":362,"version_end_type":363,"fixed_in":9},"lte4.1.39",true,"cpe","4.1.39","including"]