In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/34xxx/CVE-2022-34305.json",
"cwe_ids": [
"CWE-79"
],
"cna_assigner": "apache",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "Apache Tomcat 8.5 8.5.50 to 8.5.81"
},
{
"last_affected": "Apache Tomcat 8.5 8.5.50 to 8.5.81"
},
{
"introduced": "Apache Tomcat 9 9.0.30 to 9.0.64"
},
{
"last_affected": "Apache Tomcat 9 9.0.30 to 9.0.64"
},
{
"introduced": "Apache Tomcat 10.0 10.0.0-M1 to 10.0.22"
},
{
"last_affected": "Apache Tomcat 10.0 10.0.0-M1 to 10.0.22"
},
{
"introduced": "Apache Tomcat 10.1 10.1.0-M1 to 10.1.0-M16"
},
{
"last_affected": "Apache Tomcat 10.1 10.1.0-M1 to 10.1.0-M16"
}
],
"source": "AFFECTED_FIELD"
}
]
}{
"cpe": [
"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "8.5.50"
},
{
"last_affected": "8.5.81"
},
{
"introduced": "9.0.30"
},
{
"last_affected": "9.0.64"
},
{
"introduced": "10.0.0"
},
{
"last_affected": "10.0.22"
},
{
"introduced": "10.1.0-milestone1"
},
{
"last_affected": "10.1.0-milestone1"
},
{
"introduced": "10.1.0-milestone10"
},
{
"last_affected": "10.1.0-milestone10"
},
{
"introduced": "10.1.0-milestone11"
},
{
"last_affected": "10.1.0-milestone11"
},
{
"introduced": "10.1.0-milestone12"
},
{
"last_affected": "10.1.0-milestone12"
},
{
"introduced": "10.1.0-milestone13"
},
{
"last_affected": "10.1.0-milestone13"
},
{
"introduced": "10.1.0-milestone14"
},
{
"last_affected": "10.1.0-milestone14"
},
{
"introduced": "10.1.0-milestone15"
},
{
"last_affected": "10.1.0-milestone15"
},
{
"introduced": "10.1.0-milestone16"
},
{
"last_affected": "10.1.0-milestone16"
},
{
"introduced": "10.1.0-milestone2"
},
{
"last_affected": "10.1.0-milestone2"
},
{
"introduced": "10.1.0-milestone3"
},
{
"last_affected": "10.1.0-milestone3"
},
{
"introduced": "10.1.0-milestone4"
},
{
"last_affected": "10.1.0-milestone4"
},
{
"introduced": "10.1.0-milestone5"
},
{
"last_affected": "10.1.0-milestone5"
},
{
"introduced": "10.1.0-milestone6"
},
{
"last_affected": "10.1.0-milestone6"
},
{
"introduced": "10.1.0-milestone7"
},
{
"last_affected": "10.1.0-milestone7"
},
{
"introduced": "10.1.0-milestone8"
},
{
"last_affected": "10.1.0-milestone8"
},
{
"introduced": "10.1.0-milestone9"
},
{
"last_affected": "10.1.0-milestone9"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}