Moderate severityNVD Advisory· Published Jun 23, 2022· Updated Aug 3, 2024
XSS in examples web application
CVE-2022-34305
Description
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.tomcat:tomcatMaven | >= 10.1.0-M1, < 10.1.0-M17 | 10.1.0-M17 |
org.apache.tomcat:tomcatMaven | >= 10.0.0-M1, < 10.0.22 | 10.0.22 |
org.apache.tomcat:tomcatMaven | >= 9.0.30, < 9.0.65 | 9.0.65 |
org.apache.tomcat:tomcatMaven | >= 8.5.50, < 8.5.82 | 8.5.82 |
Affected products
3- osv-coords2 versions
>= 8.5.50, < 8.5.82+ 1 more
- (no CPE)range: >= 8.5.50, < 8.5.82
- (no CPE)range: >= 10.1.0-M1, < 10.1.0-M17
- Apache Software Foundation/Apache Tomcatv5Range: Apache Tomcat 8.5 8.5.50 to 8.5.81
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-6j88-6whg-x687ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-34305ghsaADVISORY
- security.gentoo.org/glsa/202208-34ghsavendor-advisoryx_refsource_GENTOOWEB
- www.openwall.com/lists/oss-security/2022/06/23/1ghsamailing-listx_refsource_MLISTWEB
- lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4kghsax_refsource_MISCWEB
- security.netapp.com/advisory/ntap-20220729-0006ghsaWEB
- security.netapp.com/advisory/ntap-20220729-0006/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.