{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T01:59:30.560","vulnerabilities":[{"cve":{"id":"CVE-2022-34305","sourceIdentifier":"security@apache.org","published":"2022-06-23T11:15:07.977","lastModified":"2024-11-21T07:09:15.783","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability."},{"lang":"es","value":"En Apache Tomcat versiones 10.1.0-M1 a 10.1.0-M16, 10.0.0-M1 a 10.0.22, 9.0.30 a 9.0.64 y 8.5.50 a 8.5.81, el ejemplo de autenticación de formularios en la aplicación web de ejemplos mostraba los datos proporcionados por el usuario sin filtrar, exponiendo una vulnerabilidad de tipo XSS"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.50","versionEndIncluding":"8.5.81","matchCriteriaId":"E89A234F-26BD-406B-BC11-8C3DFA43D32E"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.30","versionEndIncluding":"9.0.64","matchCriteriaId":"CEA27D71-8156-44AA-8A43-2E384FEC6E91"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndIncluding":"10.0.22","matchCriteriaId":"E027A2AD-EDAC-41F7-A86B-E12C490CC862"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*","matchCriteriaId":"6D402B5D-5901-43EB-8E6A-ECBD512CE367"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*","matchCriteriaId":"33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*","matchCriteriaId":"F6BD4180-D3E8-42AB-96B1-3869ECF47F6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*","matchCriteriaId":"64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*","matchCriteriaId":"FC64BB57-4912-481E-AE8D-C8FCD36142BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*","matchCriteriaId":"49B43BFD-6B6C-4E6D-A9D8-308709DDFB44"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*","matchCriteriaId":"919C16BD-79A7-4597-8D23-2CBDED2EF615"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*","matchCriteriaId":"81B27C03-D626-42EC-AE4E-1E66624908E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*","matchCriteriaId":"9846609D-51FC-4CDD-97B3-8C6E07108F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*","matchCriteriaId":"2E321FB4-0B0C-497A-BB75-909D888C93CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*","matchCriteriaId":"3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*","matchCriteriaId":"7CB9D150-EED6-4AE9-BCBE-48932E50035E"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*","matchCriteriaId":"D334103F-F64E-4869-BCC8-670A5AFCC76C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*","matchCriteriaId":"941FCF7B-FFB6-4967-95C7-BB3D32C73DAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*","matchCriteriaId":"CE1A9030-B397-4BA6-8E13-DA1503872DDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*","matchCriteriaId":"6284B74A-1051-40A7-9D74-380FEEEC3F88"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2022/06/23/1","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k","source":"security@apache.org","tags":["Mailing List","Release Notes","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202208-34","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20220729-0006/","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2022/06/23/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Release Notes","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202208-34","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20220729-0006/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}