Description
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81, the Form authentication example in the examples web application displayed user-provided data without filtering, exposing an XSS vulnerability.
Remediation
References