CVE-2022-34305

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.

References

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type: GIT
Repo: https://github.com/apache/tomcat
Events: Last affected

02c4004b52be88a04a7372577d56da0f9ed3a7fe

Last affected

02d546ba3c553c74ff1a99ecc166a6ff9c501ba8

Last affected

02e84c839def0228475fad85d0b19abc2f70b03f

Last affected

049799677ba307378a256621bb1a7b03f597571c

Last affected

0e59fedb28df646930c5aff945159b64d7a52260

Last affected

0f3f1e439a040068b741d77777766722e4420ad6

Introduced

4fab4cc012d0c31852e957d198cb0549f3d6074c

Last affected

1419d61f200be876baddb0997919fb82c230a857

Last affected

2a10c8d9110d7b1c7f526f3352648c6b19ba2c52

Introduced

c40ede65ea4fb44b1957ec482f28c7afa71f1b50

Last affected

2f283f89f49be662efa45af2c6a876d897159ddf

Last affected

51d1031c36c0f2b3ee1e0d14b56228a559144153

Last affected

8778a44d6323c1066237043a89ab2f36696916b1

Introduced

4c8b650437e2464c1c31c6598a263b3805b7a81f

Last affected

babca1854c6f7068069d501e7f6b9cca13943056

Last affected

cd53876fefaa370c31466b0f615e9ad026541a27

Last affected

d08498a3cefa7206bad791acf019455794f865ea

Last affected

dc3639dd7123301ced18dbf4ddf2dca93704870d

Last affected

dcf3e81b2e709574971c7a9592614d70c1b55bf7

Last affected

e706972942e2c342e4a37baf5e2596f11e8a0e94

Last affected

f2ab9ac8bc3f40ee9b2cb50b030c99df927f0429

Last affected

faa2582152d9dcbcb444700df340e10a85fc375f

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-34305.json"