Lucene search
Veracode Vulnerability DatabaseVERACODE:37688HistoryOct 26, 2022 - 5:04 a.m.
Cross-Site Scripting (XSS)
2022-10-2605:04:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
apache-geode
vulnerability
pulse web application
cross-site scripting
data injection
admin account.
EPSS
0.001
Percentile
26.4%
apache-geode is vulnerable to cross-site scripting. The vulnerability exists in multiple functions due to data injection when using pulse web application which allows an attacker to steal the admin’s session cookie for the admin account.
References
www.openwall.com/lists/oss-security/2022/10/24/3
github.com/apache/geode/commit/1e6f850be8a0884585ce7456531330464e94493a
github.com/apache/geode/pull/7836
issues.apache.org/jira/browse/GEODE-10411
lists.apache.org/thread/zltlr7f2ymr2m6jj54k4z0c4foos5fwx
www.mail-archive.com/[email protected]/msg75566.html
www.openwall.com/lists/oss-security/2022/10/24/3
Related
osv
osv
CVE-2022-34870
2022-10-25 17:15:53
Apache Geode vulnerable to Cross-Site Scripting
2022-10-25 19:00:27
github
github
Apache Geode vulnerable to Cross-Site Scripting
2022-10-25 19:00:27
nvd
nvd
CVE-2022-34870
2022-10-25 17:15:53
prion
prion
Cross site scripting
2022-10-25 17:15:00
cvelist
cvelist
cve
cve
CVE-2022-34870
2022-10-25 17:15:53