oss-sec mailing list archives

CVE-2022-34870: Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application

From: Dan Smith <dasmith () vmware com>
Date: Mon, 24 Oct 2022 17:11:25 +0000

Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse 
web application to view Region entries.

This issue is being tracked as GEODE-10411

Current thread:

CVE-2022-34870: Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application Dan Smith (Oct 24)