CVE-2022-34305
Cross-site Scripting in Apache Tomcat
CVSS 3.1 base score: 6.1 (MEDIUM)
EPSS: 17.4%
Description
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81, the Form authentication example in the examples web application displayed user-provided data without filtering, exposing an XSS vulnerability.
How to fix CVE-2022-34305
To remediate CVE-2022-34305, upgrade the affected package to a fixed version below.
- Bitnami/tomcat: upgrade to 8.5.82 or later
- upgrade to 9.0.65-1 or later
- upgrade to 10.1.0-M17 or later
Is CVE-2022-34305 being exploited?
Moderate — EPSS is 17.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- >= 8.5.50, < 8.5.82, >= 9.0.30, < 9.0.65, >= 10.0.0, < 10.0.23
- from 0, < 9.0.65-1
- >= 10.1.0-M1, < 10.1.0-M17
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |