Apache Tomcat CVE-2010-4172 Cross Site Scripting Vulnerability
Description
The Manager application used the user-provided parameters sort and orderBy directly, without filtering, thereby permitting cross-site scripting. The CSRF protection, which is enabled by default, prevents an attacker from exploiting this.
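The pattern described above, shown beside a hardened form, as an added example that is not Tomcat's own code. The class name, the hidden-field markup and the allowlisted sort keys are assumptions made for illustration; only the parameter names sort and orderBy come from the advisory. It requires Java 9 or later for Set.of.

```java
import java.util.Set;

public class SortParamDemo {
    // Hypothetical allowlists; the Manager's real sort keys are not given on this page.
    private static final Set<String> ALLOWED_SORT = Set.of("id", "lastAccessed", "idle");
    private static final Set<String> ALLOWED_ORDER = Set.of("ASC", "DESC");

    // Unfiltered pattern: request values are concatenated into markup unchanged.
    static String renderUnsafe(String sort, String orderBy) {
        return "<input type=\"hidden\" name=\"sort\" value=\"" + sort + "\">"
             + "<input type=\"hidden\" name=\"orderBy\" value=\"" + orderBy + "\">";
    }

    // Minimal HTML escaping for element and attribute contexts.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Accept only known values; anything else (including null) becomes the default.
    static String pick(String value, Set<String> allowed, String fallback) {
        return value != null && allowed.contains(value) ? value : fallback;
    }

    // Hardened pattern: allowlist first, then encode on output as defence in depth.
    static String renderSafe(String sort, String orderBy) {
        String s = escapeHtml(pick(sort, ALLOWED_SORT, "id"));
        String o = escapeHtml(pick(orderBy, ALLOWED_ORDER, "ASC"));
        return "<input type=\"hidden\" name=\"sort\" value=\"" + s + "\">"
             + "<input type=\"hidden\" name=\"orderBy\" value=\"" + o + "\">";
    }

    public static void main(String[] args) {
        String probe = "\"><b>injected</b>"; // constructed, inert markup used as a test value
        System.out.println(renderUnsafe(probe, "ASC")); // attribute is closed early, <b> becomes markup
        System.out.println(renderSafe(probe, "ASC"));   // unknown key is replaced by the default "id"
    }
}
```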
Affected Applications
Apache Tomcat