FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Tomcat -- XSS in examples web application

Affected packages
8.5.50 <= tomcat < 8.5.81
9.0.30 <= tomcat < 9.0.64
10.0.0-M1 <= tomcat < 10.0.22
10.1.0-M1 <= tomcat < 10.1.0-M16
8.5.50 <= tomcat85 < 8.5.81
9.0.30 <= tomcat9 < 9.0.64
10.0.0-M1 <= tomcat10 < 10.0.22
10.1.0-M1 <= tomcat-devel < 10.1.0-M16

Details

VuXML ID e2e7faf9-1b51-11ed-ae46-002b67dfc673
Discovery 2022-06-22
Entry 2022-08-14

Apache Tomcat reports:

The Form authentication example in the examples web application displayed user-provided data without filtering, exposing an XSS vulnerability.

References

CVE Name CVE-2022-34305
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305