CVE-2022-34870

CVSS v3.1 5.4 (Medium)

EPSS 0.06 % (27^th)

Affected Products 1

Advisories 1

Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries.

Weaknesses

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2022-10-25 17:15:53
(23 months ago)
Updated Date: 2022-10-26 03:31:20
(23 months ago)

Affected Products

Apache

Geode

Configuration #1

		CPE23	From	Up To
	Apache Geode 1.15.0 and prior versions	cpe:2.3:a:apache:geode		<= 1.15.0