UBUNTU-CVE-2022-34305
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 23 Jun 2022, 11:15
Last modified:01 Jun 2026, 17:15
Vulnerability Summary
Overall Risk (default)
low
24/100 CVSS Score
6.1 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
23 Jun 2022, 11:15
Published
Vulnerability first disclosed
01 Jun 2026, 17:15
Last Modified
Vulnerability information updated
Description
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Systems
- ubuntu•tomcat10
all | all | all
- ubuntu•tomcat6
all | all
- ubuntu•tomcat7
all
- ubuntu•tomcat9
all
References (6)
- https://ubuntu.com/security/CVE-2022-34305
- https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k
- https://github.com/apache/tomcat/commit/8b60af90b99945379c2d1003277e0cabc6776bac
- https://github.com/apache/tomcat/commit/5f6c88b054b0e4fbccff8b7f15974ed55d59a9f7
- http://www.openwall.com/lists/oss-security/2022/06/23/1
- https://www.cve.org/CVERecord?id=CVE-2022-34305