[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2010-4172":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":69,"duplicate_of":9,"upstream":71,"downstream":72,"duplicates":77,"related":78,"reserved_at":9,"published_at":79,"modified_at":80,"state":81,"summary":82,"references_raw":89,"kevs":256,"epss":257,"epss_history":260,"metrics":501,"affected":506},"CVE-2010-4172","Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45,54],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_0BE9FCE42803489E","Exploit Reference (securityfocus.com)","reference","http://www.securityfocus.com/bid/45015","unknown",0.2,false,[],{"_key":55,"name":56,"source":57,"url":58,"maturity":59,"reliability_score":60,"verified":61,"type":62,"platforms":63,"requires_auth":9,"exploitdb":65,"metasploit":9},"35011","Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting","exploit-database","https://www.exploit-db.com/exploits/35011","weaponized",0.8,true,"remote",[64],"linux",{"verified":61,"type":62,"platform":64,"file":66,"codes":67},"exploits/linux/remote/35011.txt",[7,68],"OSVDB-69456",[70],"GHSA-c78g-qwpw-2jgv",[],[73,75],{"_key":74},"RHSA-2011:0791",{"_key":76},"RHSA-2011:0897",[],[],"2010-11-26T19:00:00.000Z","2024-08-07T03:34:37.407Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":83,"epss_score":84,"severity":83,"severity_score":85,"severity_version":86,"severity_source":87,"severity_vector":88,"severity_status":81},"medium",0.11901,4.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:N/I:P/A:N",[90,97,103,108,114,118,124,129,135,140,145,150,155,159,163,167,171,176,180,184,189,193,197,201,206,211,215,220,224,228,232,236,240,244,248,252],{"url":91,"sources":92,"tags":94},"http://www.ubuntu.com/usn/USN-1048-1",[93,87],"cve.org",[95,96],"Vendor Advisory","X Refsource UBUNTU",{"url":98,"sources":99,"tags":100},"http://secunia.com/advisories/42337",[93,87],[101,102,95],"Third Party Advisory","X Refsource SECUNIA",{"url":104,"sources":105,"tags":106},"http://svn.apache.org/viewvc?view=revision&revision=1037778",[93,87],[107],"X Refsource CONFIRM",{"url":109,"sources":110,"tags":111},"http://www.securityfocus.com/archive/1/514866/100/0/threaded",[93,87],[112,113],"Mailing List","X Refsource BUGTRAQ",{"url":115,"sources":116,"tags":117},"http://secunia.com/advisories/45022",[93,87],[101,102],{"url":119,"sources":120,"tags":121},"https://exchange.xforce.ibmcloud.com/vulnerabilities/63422",[93,87],[122,123],"VDB Entry","X Refsource XF",{"url":125,"sources":126,"tags":127},"http://tomcat.apache.org/security-7.html",[93,87],[107,128,95],"Patch",{"url":130,"sources":131,"tags":133},"https://bugzilla.redhat.com/show_bug.cgi?id=656246",[93,87,132],"osv_maven",[107,134],"WEB",{"url":136,"sources":137,"tags":138},"http://www.vupen.com/english/advisories/2010/3047",[93,87],[122,139,95],"X Refsource VUPEN",{"url":141,"sources":142,"tags":143},"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",[93,87],[95,144],"X Refsource APPLE",{"url":146,"sources":147,"tags":148},"http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0285.html",[93,87],[112,149],"X Refsource FULLDISC",{"url":151,"sources":152,"tags":153},"http://www.redhat.com/support/errata/RHSA-2011-0897.html",[93,87],[95,154],"X Refsource REDHAT",{"url":156,"sources":157,"tags":158},"http://tomcat.apache.org/security-6.html",[93,87],[107],{"url":160,"sources":161,"tags":162},"http://secunia.com/advisories/57126",[93,87],[101,102],{"url":164,"sources":165,"tags":166},"http://www.redhat.com/support/errata/RHSA-2011-0791.html",[93,87],[95,154],{"url":168,"sources":169,"tags":170},"http://www.vupen.com/english/advisories/2011/0203",[93,87],[122,139],{"url":172,"sources":173,"tags":174},"http://securitytracker.com/id?1024764",[93,87],[122,175],"X Refsource SECTRACK",{"url":177,"sources":178,"tags":179},"http://www.redhat.com/support/errata/RHSA-2011-0896.html",[93,87],[95,154],{"url":181,"sources":182,"tags":183},"http://support.apple.com/kb/HT5002",[93,87],[107],{"url":185,"sources":186,"tags":187},"http://marc.info/?l=bugtraq&m=139344343412337&w=2",[93,87],[95,188],"X Refsource HP",{"url":190,"sources":191,"tags":192},"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html",[93,87],[107],{"url":194,"sources":195,"tags":196},"http://secunia.com/advisories/43019",[93,87],[101,102],{"url":198,"sources":199,"tags":200},"http://svn.apache.org/viewvc?view=revision&revision=1037779",[93,87],[107],{"url":49,"sources":202,"tags":203},[93,87],[122,204,205],"X Refsource BID","Exploit",{"url":207,"sources":208,"tags":209},"https://nvd.nist.gov/vuln/detail/CVE-2010-4172",[132],[210],"Advisory",{"url":212,"sources":213,"tags":214},"https://github.com/apache/tomcat/commit/5971f9392edc6d70808b2599b062b050fcd11d23",[132],[134],{"url":216,"sources":217,"tags":218},"https://github.com/apache/tomcat",[132],[219],"PACKAGE",{"url":221,"sources":222,"tags":223},"https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",[132],[134],{"url":225,"sources":226,"tags":227},"https://marc.info/?l=bugtraq&m=139344343412337&w=2",[132],[134],{"url":229,"sources":230,"tags":231},"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.5",[132],[134],{"url":233,"sources":234,"tags":235},"https://www.redhat.com/support/errata/RHSA-2011-0896.html",[132],[134],{"url":237,"sources":238,"tags":239},"https://www.redhat.com/support/errata/RHSA-2011-0897.html",[132],[134],{"url":241,"sources":242,"tags":243},"https://www.securityfocus.com/archive/1/514866/100/0/threaded",[132],[134],{"url":245,"sources":246,"tags":247},"https://www.ubuntu.com/usn/USN-1048-1",[132],[134],{"url":249,"sources":250,"tags":251},"https://www.vupen.com/english/advisories/2010/3047",[132],[134],{"url":253,"sources":254,"tags":255},"https://www.vupen.com/english/advisories/2011/0203",[132],[134],[],{"date":258,"score":84,"percentile":259},"2026-06-04",0.93877,[261,265,268,271,274,276,278,281,284,287,290,293,296,298,301,304,307,310,313,316,318,321,323,326,329,332,335,338,341,344,347,350,353,355,358,360,363,366,369,372,374,377,380,383,386,389,391,393,395,397,399,401,404,407,410,413,415,418,420,423,426,428,430,432,434,436,438,441,444,446,449,451,454,457,460,463,466,468,471,474,476,478,481,484,486,488,491,493,495,498],{"date":262,"score":263,"percentile":264},"2025-11-04",0.29935,0.96426,{"date":266,"score":263,"percentile":267},"2025-11-05",0.96425,{"date":269,"score":263,"percentile":270},"2025-11-06",0.96427,{"date":272,"score":263,"percentile":273},"2025-11-07",0.96429,{"date":275,"score":263,"percentile":273},"2025-11-08",{"date":277,"score":263,"percentile":273},"2025-11-09",{"date":279,"score":263,"percentile":280},"2025-11-10",0.96428,{"date":282,"score":263,"percentile":283},"2025-11-11",0.9643,{"date":285,"score":263,"percentile":286},"2025-11-12",0.96432,{"date":288,"score":263,"percentile":289},"2025-11-13",0.96434,{"date":291,"score":263,"percentile":292},"2025-11-14",0.96436,{"date":294,"score":263,"percentile":295},"2025-11-15",0.96435,{"date":297,"score":263,"percentile":295},"2025-11-16",{"date":299,"score":263,"percentile":300},"2025-11-17",0.96437,{"date":302,"score":263,"percentile":303},"2025-11-18",0.96386,{"date":305,"score":263,"percentile":306},"2025-11-19",0.96387,{"date":308,"score":263,"percentile":309},"2025-11-20",0.96389,{"date":311,"score":263,"percentile":312},"2025-11-21",0.96446,{"date":314,"score":263,"percentile":315},"2025-11-22",0.96445,{"date":317,"score":263,"percentile":315},"2025-11-23",{"date":319,"score":263,"percentile":320},"2025-11-24",0.96449,{"date":322,"score":263,"percentile":320},"2025-11-25",{"date":324,"score":263,"percentile":325},"2025-11-26",0.9645,{"date":327,"score":263,"percentile":328},"2025-11-27",0.96452,{"date":330,"score":263,"percentile":331},"2025-11-28",0.96451,{"date":333,"score":263,"percentile":334},"2025-11-29",0.96453,{"date":336,"score":263,"percentile":337},"2025-11-30",0.96454,{"date":339,"score":263,"percentile":340},"2025-12-01",0.96484,{"date":342,"score":263,"percentile":343},"2025-12-02",0.96483,{"date":345,"score":263,"percentile":346},"2025-12-03",0.96486,{"date":348,"score":263,"percentile":349},"2025-12-04",0.96457,{"date":351,"score":263,"percentile":352},"2025-12-05",0.96459,{"date":354,"score":263,"percentile":352},"2025-12-06",{"date":356,"score":263,"percentile":357},"2025-12-07",0.96458,{"date":359,"score":263,"percentile":349},"2025-12-08",{"date":361,"score":263,"percentile":362},"2025-12-09",0.9646,{"date":364,"score":263,"percentile":365},"2025-12-10",0.96464,{"date":367,"score":263,"percentile":368},"2025-12-11",0.96466,{"date":370,"score":263,"percentile":371},"2025-12-12",0.96468,{"date":373,"score":263,"percentile":368},"2025-12-13",{"date":375,"score":263,"percentile":376},"2025-12-14",0.96467,{"date":378,"score":263,"percentile":379},"2025-12-15",0.96469,{"date":381,"score":263,"percentile":382},"2025-12-16",0.96473,{"date":384,"score":263,"percentile":385},"2025-12-17",0.96475,{"date":387,"score":263,"percentile":388},"2025-12-18",0.96476,{"date":390,"score":263,"percentile":385},"2025-12-19",{"date":392,"score":263,"percentile":388},"2025-12-20",{"date":394,"score":263,"percentile":385},"2025-12-21",{"date":396,"score":263,"percentile":388},"2025-12-22",{"date":398,"score":263,"percentile":385},"2025-12-23",{"date":400,"score":263,"percentile":388},"2025-12-24",{"date":402,"score":263,"percentile":403},"2025-12-25",0.96481,{"date":405,"score":263,"percentile":406},"2025-12-26",0.9648,{"date":408,"score":263,"percentile":409},"2025-12-27",0.96509,{"date":411,"score":263,"percentile":412},"2025-12-28",0.96479,{"date":414,"score":263,"percentile":412},"2025-12-29",{"date":416,"score":263,"percentile":417},"2025-12-30",0.96482,{"date":419,"score":263,"percentile":346},"2025-12-31",{"date":421,"score":263,"percentile":422},"2026-01-01",0.96517,{"date":424,"score":263,"percentile":425},"2026-01-02",0.96513,{"date":427,"score":263,"percentile":425},"2026-01-03",{"date":429,"score":263,"percentile":417},"2026-01-04",{"date":431,"score":263,"percentile":403},"2026-01-05",{"date":433,"score":263,"percentile":417},"2026-01-06",{"date":435,"score":263,"percentile":340},"2026-01-07",{"date":437,"score":263,"percentile":346},"2026-01-08",{"date":439,"score":263,"percentile":440},"2026-01-09",0.96489,{"date":442,"score":263,"percentile":443},"2026-01-10",0.9649,{"date":445,"score":263,"percentile":443},"2026-01-11",{"date":447,"score":263,"percentile":448},"2026-01-12",0.96491,{"date":450,"score":263,"percentile":448},"2026-01-13",{"date":452,"score":263,"percentile":453},"2026-01-14",0.96496,{"date":455,"score":263,"percentile":456},"2026-01-15",0.96498,{"date":458,"score":263,"percentile":459},"2026-01-16",0.96501,{"date":461,"score":263,"percentile":462},"2026-01-17",0.96502,{"date":464,"score":263,"percentile":465},"2026-01-18",0.96504,{"date":467,"score":263,"percentile":462},"2026-01-19",{"date":469,"score":263,"percentile":470},"2026-01-20",0.96503,{"date":472,"score":263,"percentile":473},"2026-01-21",0.96505,{"date":475,"score":263,"percentile":473},"2026-01-22",{"date":477,"score":263,"percentile":409},"2026-01-23",{"date":479,"score":263,"percentile":480},"2026-01-24",0.96511,{"date":482,"score":263,"percentile":483},"2026-01-25",0.96512,{"date":485,"score":263,"percentile":483},"2026-01-26",{"date":487,"score":263,"percentile":483},"2026-01-27",{"date":489,"score":263,"percentile":490},"2026-01-28",0.96514,{"date":492,"score":263,"percentile":490},"2026-01-29",{"date":494,"score":263,"percentile":490},"2026-01-30",{"date":496,"score":263,"percentile":497},"2026-01-31",0.96516,{"date":499,"score":263,"percentile":500},"2026-02-01",0.96546,[502],{"source":87,"cvss_v2_0":503,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":85,"baseSeverity":9,"vectorString":88,"impactScore":504,"exploitabilityScore":505},2.9,8.6,[507,551],{"ecosystem":9,"name":508,"vendor":9,"product":508,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":509},"Tomcat",[510,513,515,517,519,521,523,525,527,529,531,533,535,537,539,541,543,545,547,549],{"version":511,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.12","cpe",{"version":514,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.13",{"version":516,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.14",{"version":518,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.15",{"version":520,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.16",{"version":522,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.17",{"version":524,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.18",{"version":526,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.19",{"version":528,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.20",{"version":530,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.24",{"version":532,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.26",{"version":534,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.27",{"version":536,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.28",{"version":538,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.29",{"version":540,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.0",{"version":542,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.0:beta",{"version":544,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.1",{"version":546,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.2",{"version":548,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.3",{"version":550,"is_range":52,"range_type":512,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.4",{"ecosystem":552,"name":553,"vendor":554,"product":555,"cpe_part":9,"purl_type":556,"purl_namespace":554,"purl_name":555,"source":9,"versions":557},"Maven","org.apache.tomcat:tomcat","org.apache.tomcat","tomcat","maven",[558,564],{"version":559,"is_range":61,"range_type":560,"version_start":540,"version_start_type":561,"version_end":562,"version_end_type":563,"fixed_in":9},"gte7_0_0_lt7_0_5","ecosystem","including","7.0.5","excluding",{"version":565,"is_range":61,"range_type":560,"version_start":511,"version_start_type":561,"version_end":538,"version_end_type":561,"fixed_in":9},"gte6_0_12_lte6_0_29"]