CVE-2022-34305

Summary

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache TomcatApache Tomcat 8.5 8.5.50 to 8.5.81affected
Apache Software FoundationApache TomcatApache Tomcat 9 9.0.30 to 9.0.64affected
Apache Software FoundationApache TomcatApache Tomcat 10.0 10.0.0-M1 to 10.0.22affected
Apache Software FoundationApache TomcatApache Tomcat 10.1 10.1.0-M1 to 10.1.0-M16affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References