The host is installed with Apache Tomcat 10.1.0-M1 before 10.1.0-M17, 10.0.0-M1 before 10.0.23, 9.0.30 before 9.0.65 or 8.5.50 before 8.5.82 and is prone to a cross-site scripting vulnerability. A flaw is present in application, which fails to properly validate user data. Successful exploitation could allow attackers to perform cross site scripting.