CVE-2022-34305

CVE-2022-34305: XSS in examples web application

Vendor Apache Software Foundation
Product Apache Tomcat
Weakness CWE-79 · XSS
Published June 23, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.

Key dates

02Disclosure timeline

June 23, 2022 CVE published
August 3, 2024 Record updated