
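--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,48 @@
+  <vuln vid="e2e7faf9-1b51-11ed-ae46-002b67dfc673">
+    <topic>Tomcat -- XSS in examples web application</topic>
+    <affects>
+      <package>
+	<name>tomcat</name>
+	<range><ge>8.5.50</ge><lt>8.5.81</lt></range>
+	<range><ge>9.0.30</ge><lt>9.0.64</lt></range>
+	<range><ge>10.0.0-M1</ge><lt>10.0.22</lt></range>
+	<range><ge>10.1.0-M1</ge><lt>10.1.0-M16</lt></range>
+      </package>
+      <package>
+	<name>tomcat85</name>
+	<range><ge>8.5.50</ge><lt>8.5.81</lt></range>
+      </package>
+      <package>
+	<name>tomcat9</name>
+	<range><ge>9.0.30</ge><lt>9.0.64</lt></range>
+      </package>
+      <package>
+	<name>tomcat10</name>
+	<range><ge>10.0.0-M1</ge><lt>10.0.22</lt></range>
+      </package>
+      <package>
+	<name>tomcat-devel</name>
+	<range><ge>10.1.0-M1</ge><lt>10.1.0-M16</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Apache Tomcat reports:</p>
+	<blockquote cite="https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k">
+	  <p>The Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2022-34305</cvename>
+      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305</url>
+    </references>
+    <dates>
+      <discovery>2022-06-22</discovery>
+      <entry>2022-08-13</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="75c073cc-1a1d-11ed-bea0-48ee0c739857">
     <topic>XFCE tumbler -- Vulnerability in the GStreamer plugin</topic>
     <affects>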
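Review bot: The milestone bounds in the `tomcat`, `tomcat10` and `tomcat-devel` ranges (`10.0.0-M1`, `10.1.0-M1`, `10.1.0-M16`) are written in upstream notation, which may not match how the ports spell these versions. FreeBSD package versions normally cannot contain a hyphen, so if the installed version is spelled differently, `<lt>10.1.0-M16</lt>` may not order as intended and `pkg audit` could miss a vulnerable install or keep flagging a fixed one. Confirm each bound with `pkg version -t <installed-version> 10.1.0-M16` (and likewise for the `-M1` lower bounds) before committing. The references would also be more useful to an operator with the advisory thread already cited in the blockquote, `<url>https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k</url>`, since the cve.mitre.org link only repeats `<cvename>`.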
