A flaw was found in the Apache Tomcat package. An example web application did not filter the form authentication example, exposing a Cross-site scripting (XSS) vulnerability.
Apache Tomcat < 10.0.23 Vulnerability
Apache Tomcat < 10.1.0-M17 Vulnerability
Apache Tomcat < 8.5.82 Vulnerability
Apache Tomcat < 9.0.65 Vulnerability
Security Bulletin: The CVE-2022-34305 vulnerability in Apache Tomcat affects App Connect Professional.
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x
Cross-site Scripting (XSS)
Cross-site Scripting in Apache Tomcat
Apache Tomcat CVE-2022-34305
Confluence Apache Tomcat CVE-2022-34305