Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability ========================================================================= Affected products: ================= Tomcat 3.2.1, 3.2.2-beta, 4.0-beta <http://jakarta.apache.org/tomcat/> JRun 3.0 <http://www.allaire.com/products/jrun/index.cfm> WebSphere 3.5 FP2, 3.02, VisualAge for Java 3.5 Professional <http://www-4.ibm.com/software/webservers/> Resin <http://www.caucho.com/products/resin/> Not affected: ============ Unknown Problem: ======= Accessing the following URLs, the JavaScript code will be executed in the browser on the server's domain. Tomcat 3.2.1: http://Tomcat/jsp-mapped-dir/