VULHUB ™

Allaire JRun is a web application development suite with JSP and Java Servlets. Allaire JRun does not filter script embedding from links that are displayed on a server's website. A malicious webmaster can exploit this vulnerability to cause JavaScript commands or embedded scripts to be executed by any user who clicks on the hyper-link. Upon clicking on the hyper-link, Tomcat will generate an error message including the specified or embedded script. The specified or embedded scripting will be executed in the client's browser and treated as content originating from the target server returning the error message (even though the scripting may have originated at another site entirely).

Allaire JRun is a web application development suite with JSP and Java Servlets. Allaire JRun does not filter script embedding from links that are displayed on a server's website. A malicious webmaster can exploit this vulnerability to cause JavaScript commands or embedded scripts to be executed by any user who clicks on the hyper-link. Upon clicking on the hyper-link, Tomcat will generate an error message including the specified or embedded script. The specified or embedded scripting will be executed in the client's browser and treated as content originating from the target server returning the error message (even though the scripting may have originated at another site entirely).