CVE-2007-3383: XSS in Tomcat send mail example
Severity:
Low (Cross-site scripting)

Vendor:
The Apache Software Foundation

Versions Affected:
4.0.0 to 4.0.6
4.1.0 to 4.1.36

Description:
When reporting error messages, the SendMailServlet does not filter
user supplied data before display. This enables an XSS attack.

Mitigation:
Undeploy the examples web application.

Credit:
This issue was discovered by Tomasz Kuczynski, Poznan Supercomputing
and Networking Center, who worked with the CERT/CC to report the

Example:
On this page
enter the following text
in the From field and click Send.