Moderate severityNVD Advisory· Published Oct 25, 2022· Updated May 9, 2025
Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application
CVE-2022-34870
Description
Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.geode:geode-coreMaven | < 1.15.1 | 1.15.1 |
Affected products
2- Apache Software Foundation/Apache Geodev5Range: Apache Geode
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-373r-9mg8-3jc4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-34870ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/10/24/3ghsamailing-listWEB
- lists.apache.org/thread/zltlr7f2ymr2m6jj54k4z0c4foos5fwxghsaWEB
News mentions
0No linked articles in our index yet.