{
  "entrypoint_kind": "endpoint",
  "entrypoint_detail": "GET /examples/jsp/num/numguess.jsp, /examples/jsp/colors/colrs.jsp, and /examples/jsp/sessions/carts.jsp in the bundled Tomcat examples web application",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "tomcat",
    "examples-webapp",
    "numguess.jsp",
    "colrs.jsp",
    "carts.jsp"
  ],
  "proof_artifacts": [
    "logs/vuln_variant.log",
    "logs/variant_vulnerable_numguess_startup.log",
    "logs/variant_vulnerable_numguess_curl.log",
    "vuln_variant/vulnerable_numguess_resp2.html",
    "logs/variant_fixed_numguess_startup.log",
    "logs/variant_fixed_numguess_curl.log",
    "vuln_variant/fixed_numguess_resp2.html",
    "logs/variant_fixed_colors_startup.log",
    "logs/variant_fixed_colors_curl.log",
    "vuln_variant/fixed_colors_resp1.html",
    "logs/variant_fixed_carts_startup.log",
    "logs/variant_fixed_carts_curl.log",
    "vuln_variant/fixed_carts_resp1.html"
  ],
  "notes": "The original numguess.jsp XSS was reproduced on Tomcat 10.1.55 and absent on Tomcat 10.1.56. The two alternate candidate JSPs (colrs.jsp, carts.jsp) did not render unescaped attacker-controlled markup on the fixed version."
}
