Lucene search

K
osvGoogleOSV:GHSA-6J88-6WHG-X687
HistoryJun 24, 2022 - 12:00 a.m.

Cross-site Scripting in Apache Tomcat

2022-06-2400:00:32
Google
osv.dev
16
apache tomcat
cross-site scripting
form authentication

EPSS

0.001

Percentile

44.0%

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.