CVE-2022-34305

CVE	CVE-2022-34305
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-06-23 11:15:00 UTC
Updated	2022-10-26 22:49:00 UTC
Description	In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.

Problem Types: CWE-79

Type	Vendor	Product	Version	Update	Edition	Language
Application	Apache	Tomcat	10.1.0	milestone1	All	All
Application	Apache	Tomcat	10.1.0	milestone10	All	All
Application	Apache	Tomcat	10.1.0	milestone11	All	All
Application	Apache	Tomcat	10.1.0	milestone12	All	All
Application	Apache	Tomcat	10.1.0	milestone13	All	All
Application	Apache	Tomcat	10.1.0	milestone14	All	All
Application	Apache	Tomcat	10.1.0	milestone15	All	All
Application	Apache	Tomcat	10.1.0	milestone16	All	All
Application	Apache	Tomcat	10.1.0	milestone2	All	All
Application	Apache	Tomcat	10.1.0	milestone3	All	All
Application	Apache	Tomcat	10.1.0	milestone4	All	All
Application	Apache	Tomcat	10.1.0	milestone5	All	All
Application	Apache	Tomcat	10.1.0	milestone6	All	All
Application	Apache	Tomcat	10.1.0	milestone7	All	All
Application	Apache	Tomcat	10.1.0	milestone8	All	All
Application	Apache	Tomcat	10.1.0	milestone9	All	All
Application	Apache	Tomcat	All	All	All	All
Application	Apache	Tomcat	All	All	All	All
Application	Apache	Tomcat	All	All	All	All

Reference	Source	Link	Tags
oss-security - CVE-2022-34305: Apache Tomcat: XSS in examples web application	MLIST	www.openwall.com
CVE-2022-34305 Apache Tomcat Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
Apache Tomcat: Multiple Vulnerabilities (GLSA 202208-34) — Gentoo security	GENTOO	security.gentoo.org
N/A	CONFIRM	lists.apache.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

150541 Apache Tomcat Cross-Site Scripting(XSS) Vulnerability (CVE-2022-34305)
182048 Debian Security Update for tomcat9 (CVE-2022-34305)
20270 Oracle Database 21c Critical Patch Update - October 2022
20271 Oracle Database 19c Critical Patch Update - October 2022
20272 Oracle Database 19c Critical OJVM Patch Update - October 2022
296084 Oracle Solaris 11.4 Support Repository Update (SRU) 50.126.3 Missing (CPUOCT2022)
356168 Amazon Linux Security Advisory for tomcat : ALASTOMCAT8.5-2023-003
378610 Dell NetWorker Security Update for an Apache Tomcat Vulnerability (DSA-2022-341)
690921 Free Berkeley Software Distribution (FreeBSD) Security Update for tomcat (e2e7faf9-1b51-11ed-ae46-002b67dfc673)
710609 Gentoo Linux Apache Tomcat Multiple Vulnerabilities (GLSA 202208-34)
730645 Apache Tomcat Cross-Site Scripting (XSS) in examples web application Vulnerability (CVE-2022-34305)
730649 Apache Tomcat Cross-Site Scripting (XSS) in examples web application Vulnerability (CVE-2022-34305)
730658 Apache Tomcat Cross-Site Scripting (XSS) in examples web application Vulnerability (CVE-2022-34305)
730664 Apache Tomcat Cross-Site Scripting (XSS) in examples web application Vulnerability (CVE-2022-34305)