Количество 2
Количество 2
CVE-2024-44088
Malicious script injection ('Cross-site Scripting') vulnerability in Apache Geode web-api (REST). This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information and even account takeover. This issue affects Apache Geode: all versions prior to 1.15.2 Users are recommended to upgrade to version 1.15.2, which fixes the issue.
GHSA-w595-4975-gm3h
Apache Geode web-api is vulnerable to Cross-site Scripting
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-44088 Malicious script injection ('Cross-site Scripting') vulnerability in Apache Geode web-api (REST). This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information and even account takeover. This issue affects Apache Geode: all versions prior to 1.15.2 Users are recommended to upgrade to version 1.15.2, which fixes the issue. | CVSS3: 6.1 | 0% Низкий | 4 месяца назад |
| GHSA-w595-4975-gm3h Apache Geode web-api is vulnerable to Cross-site Scripting | CVSS3: 6.1 | 0% Низкий | 4 месяца назад |
Уязвимостей на страницу