CVE-2022-34305: XSS
First published: Thu Jun 23 2022(Updated: )
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Tomcat | >=8.5.50<=8.5.81 | |
| Apache Tomcat | >=9.0.30<=9.0.64 | |
| Apache Tomcat | >=10.0.0<=10.0.22 | |
| Apache Tomcat | =10.1.0-milestone1 | |
| Apache Tomcat | =10.1.0-milestone10 | |
| Apache Tomcat | =10.1.0-milestone11 | |
| Apache Tomcat | =10.1.0-milestone12 | |
| Apache Tomcat | =10.1.0-milestone13 | |
| Apache Tomcat | =10.1.0-milestone14 | |
| Apache Tomcat | =10.1.0-milestone15 | |
| Apache Tomcat | =10.1.0-milestone16 | |
| Apache Tomcat | =10.1.0-milestone2 | |
| Apache Tomcat | =10.1.0-milestone3 | |
| Apache Tomcat | =10.1.0-milestone4 | |
| Apache Tomcat | =10.1.0-milestone5 | |
| Apache Tomcat | =10.1.0-milestone6 | |
| Apache Tomcat | =10.1.0-milestone7 | |
| Apache Tomcat | =10.1.0-milestone8 | |
| Apache Tomcat | =10.1.0-milestone9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-34305.
What is the severity of CVE-2022-34305?
CVE-2022-34305 has a severity level of 6.1 (Medium).
Which software versions are affected by CVE-2022-34305?
CVE-2022-34305 affects Apache Tomcat versions 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, and 10.0.0-M1 to 10.0.22.
What is the vulnerability in Apache Tomcat?
The vulnerability in Apache Tomcat is a Cross-Site Scripting (XSS) vulnerability caused by user-provided data not being properly filtered in the Form authentication example in the examples web application.
Are there any references for CVE-2022-34305?
Yes, you can find references for CVE-2022-34305 at the following links: [Reference 1](http://www.openwall.com/lists/oss-security/2022/06/23/1), [Reference 2](https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k), [Reference 3](https://security.gentoo.org/glsa/202208-34)
- collector/nvd-index
- vendor/apache
- canonical/apache tomcat
- version/apache tomcat/8.5.50
- version/apache tomcat/8.5.81
- version/apache tomcat/9.0.30
- version/apache tomcat/9.0.64
- version/apache tomcat/10.0.0
- version/apache tomcat/10.0.22
- version/apache tomcat/10.1.0-milestone1
- version/apache tomcat/10.1.0-milestone10
- version/apache tomcat/10.1.0-milestone11
- version/apache tomcat/10.1.0-milestone12
- version/apache tomcat/10.1.0-milestone13
- version/apache tomcat/10.1.0-milestone14
- version/apache tomcat/10.1.0-milestone15
- version/apache tomcat/10.1.0-milestone16
- version/apache tomcat/10.1.0-milestone2
- version/apache tomcat/10.1.0-milestone3
- version/apache tomcat/10.1.0-milestone4
- version/apache tomcat/10.1.0-milestone5
- version/apache tomcat/10.1.0-milestone6
- version/apache tomcat/10.1.0-milestone7
- version/apache tomcat/10.1.0-milestone8
- version/apache tomcat/10.1.0-milestone9