VYPR
Unrated severityNVD Advisory· Published Mar 25, 2025· Updated Mar 31, 2025

Apache VCL: XSS vulnerability in User Lookup impacting user privileges

CVE-2024-53679

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevated rights.

This issue affects all versions of Apache VCL through 2.5.1.

Users are recommended to upgrade to version 2.5.2, which fixes the issue.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.