CVE-2022-34305
Published: Jun 23, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81, the Form authentication example in the examples web application displayed user-provided data without filtering, exposing an XSS vulnerability.
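| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Tomcat | Apache Tomcat 8.5: 8.5.50 to 8.5.81 (affected) |
| Apache Software Foundation | Apache Tomcat | Apache Tomcat 9: 9.0.30 to 9.0.64 (affected) |
| Apache Software Foundation | Apache Tomcat | Apache Tomcat 10.0: 10.0.0-M1 to 10.0.22 (affected) |
| Apache Software Foundation | Apache Tomcat | Apache Tomcat 10.1: 10.1.0-M1 to 10.1.0-M16 (affected) |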
Weaknesses (CWE)
References
https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k
x_refsource_MISC
[oss-security] 20220623 CVE-2022-34305: Apache Tomcat: XSS in examples web application
mailing-list
x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20220729-0006/
x_refsource_CONFIRM
GLSA-202208-34
vendor-advisory
x_refsource_GENTOO