  1. TomEE
  2. TOMEE-4001

CVE-2022-34305: displaying user-provided data without filtering, exposing an XSS vulnerability


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 9.0.0-M8, 8.0.12
    • Fix Version/s: 9.0.0-M9, 8.0.13
    • Component/s: TomEE Core Server

    Description

      In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81, the Form authentication example in the examples web application displayed user-provided data without filtering, exposing an XSS vulnerability.

      https://nvd.nist.gov/vuln/detail/CVE-2022-34305

       

      Attachments

        1. image-2022-09-07-13-50-40-452.png
          34 kB
          Cesar Hernandez

            People

              rzo1 Richard Zowalla
              9177012889 Yugandher reddy vonteddu