CVE-2022-34305

Source
https://cve.org/CVERecord?id=CVE-2022-34305
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-34305.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-34305
Aliases
Downstream
Published
2022-06-23T10:30:16Z
Modified
2026-07-08T06:03:56.928478830Z
Summary
XSS in examples web application
Details

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/34xxx/CVE-2022-34305.json",
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "apache",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "Apache Tomcat 8.5 8.5.50 to 8.5.81"
                },
                {
                    "last_affected": "Apache Tomcat 8.5 8.5.50 to 8.5.81"
                },
                {
                    "introduced": "Apache Tomcat 9 9.0.30 to 9.0.64"
                },
                {
                    "last_affected": "Apache Tomcat 9 9.0.30 to 9.0.64"
                },
                {
                    "introduced": "Apache Tomcat 10.0 10.0.0-M1 to 10.0.22"
                },
                {
                    "last_affected": "Apache Tomcat 10.0 10.0.0-M1 to 10.0.22"
                },
                {
                    "introduced": "Apache Tomcat 10.1 10.1.0-M1 to 10.1.0-M16"
                },
                {
                    "last_affected": "Apache Tomcat 10.1 10.1.0-M1 to 10.1.0-M16"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type
GIT
Repo
https://github.com/apache/tomcat
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*",
        "cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "8.5.50"
        },
        {
            "last_affected": "8.5.81"
        },
        {
            "introduced": "9.0.30"
        },
        {
            "last_affected": "9.0.64"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "last_affected": "10.0.22"
        },
        {
            "introduced": "10.1.0-milestone1"
        },
        {
            "last_affected": "10.1.0-milestone1"
        },
        {
            "introduced": "10.1.0-milestone10"
        },
        {
            "last_affected": "10.1.0-milestone10"
        },
        {
            "introduced": "10.1.0-milestone11"
        },
        {
            "last_affected": "10.1.0-milestone11"
        },
        {
            "introduced": "10.1.0-milestone12"
        },
        {
            "last_affected": "10.1.0-milestone12"
        },
        {
            "introduced": "10.1.0-milestone13"
        },
        {
            "last_affected": "10.1.0-milestone13"
        },
        {
            "introduced": "10.1.0-milestone14"
        },
        {
            "last_affected": "10.1.0-milestone14"
        },
        {
            "introduced": "10.1.0-milestone15"
        },
        {
            "last_affected": "10.1.0-milestone15"
        },
        {
            "introduced": "10.1.0-milestone16"
        },
        {
            "last_affected": "10.1.0-milestone16"
        },
        {
            "introduced": "10.1.0-milestone2"
        },
        {
            "last_affected": "10.1.0-milestone2"
        },
        {
            "introduced": "10.1.0-milestone3"
        },
        {
            "last_affected": "10.1.0-milestone3"
        },
        {
            "introduced": "10.1.0-milestone4"
        },
        {
            "last_affected": "10.1.0-milestone4"
        },
        {
            "introduced": "10.1.0-milestone5"
        },
        {
            "last_affected": "10.1.0-milestone5"
        },
        {
            "introduced": "10.1.0-milestone6"
        },
        {
            "last_affected": "10.1.0-milestone6"
        },
        {
            "introduced": "10.1.0-milestone7"
        },
        {
            "last_affected": "10.1.0-milestone7"
        },
        {
            "introduced": "10.1.0-milestone8"
        },
        {
            "last_affected": "10.1.0-milestone8"
        },
        {
            "introduced": "10.1.0-milestone9"
        },
        {
            "last_affected": "10.1.0-milestone9"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ]
}

Affected versions

10.*
10.1.0-milestone1
10.1.0-milestone10
10.1.0-milestone11
10.1.0-milestone12
10.1.0-milestone13
10.1.0-milestone14
10.1.0-milestone15
10.1.0-milestone16
10.1.0-milestone2
10.1.0-milestone3
10.1.0-milestone4
10.1.0-milestone5
10.1.0-milestone6
10.1.0-milestone7
10.1.0-milestone8
10.1.0-milestone9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-34305.json"