[TOMEE-4001] CVE-2022-34305 displaying user provided data without filtering, exposing a XSS vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 9.0.0-M8, 8.0.12
Fix Version/s: 9.0.0.RC1, 8.0.13
Component/s: TomEE Core Server
Labels:
- CVE

External issue URL:
https://nvd.nist.gov/vuln/detail/CVE-2022-34305

Description

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-34305

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

image-2022-09-07-13-50-40-452.png
07/Sep/22 19:50
34 kB
Cesar Hernandez

Issue Links

depends upon

TOMEE-4051 Tomcat 9.0.65

Resolved

Activity

People

Assignee:: Richard Zowalla

Reporter:: Yugandher reddy vonteddu

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 04/Jul/22 04:37

Updated:: 26/Sep/22 12:40

Resolved:: 03/Sep/22 07:02