Description

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.

Remediation

References

CVE-2022-34305

Related Vulnerabilities

MySQL CVE-2020-14852 Vulnerability (CVE-2020-14852)

WordPress Plugin JVM WooCommerce Wishlist Unspecified Vulnerability (1.2.6)

SharePoint CVE-2025-21344 Vulnerability (CVE-2025-21344)

WordPress Plugin Bird Feeder Multiple Vulnerabilities (1.2.3)

Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-8793)

Severity

Medium

Classification

CVE-2022-34305 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities