Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:apache/tomcat@6.0.12
purl pkg:apache/tomcat@6.0.12
Next non-vulnerable version 6.0.24
Latest non-vulnerable version 11.0.21
Risk 10.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-886n-1vzv-syc6
Aliases:
CVE-2010-4172
GHSA-c78g-qwpw-2jgv
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
6.0.30
Affected by 4 other vulnerabilities.
7.0.5
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:38:17.193467+00:00 Apache Tomcat Importer Affected by VCID-886n-1vzv-syc6 https://tomcat.apache.org/security-6.html 38.0.0