NVD Vulnerability Detail
Search Exploit, PoC
CVE-2026-50229
Summary

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Other versions that have reached end of support may also be affected.

Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue.

Publication Date June 30, 2026, 6:16 a.m.
Registration Date July 1, 2026, 4:23 a.m.
Last Update June 30, 2026, 11:10 p.m.
CVSS3.1 : MEDIUM
スコア 6.1
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
攻撃元区分(AV) ネットワーク
攻撃条件の複雑さ(AC)
攻撃に必要な特権レベル(PR) 不要
利用者の関与(UI)
影響の想定範囲(S) 変更あり
機密性への影響(C)
完全性への影響(I)
可用性への影響(A) なし
Related information, measures and tools
Common Vulnerabilities List