oss-sec mailing list archives
CVE-2022-34870: Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application
From: Dan Smith <dasmith () vmware com>
Date: Mon, 24 Oct 2022 17:11:25 +0000
Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries. This issue is being tracked as GEODE-10411
Current thread:
- CVE-2022-34870: Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application Dan Smith (Oct 24)