CVE-2024-53679
Apache VCL: XSS vulnerability in User Lookup impacting user privileges
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevated rights.
This issue affects all versions of Apache VCL through 2.5.1.
Users are recommended to upgrade to version 2.5.2, which fixes the issue.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/RE:M
Productos afectados
Apache Software Foundation · Apache VCL¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →