What the vulnerability does
Description
Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries.
CVE-2022-34870
CVE-2022-34870: Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application
CVSS base score
—
Key dates
Disclosure timeline
October 25, 2022
CVE published
May 9, 2025
Record updated
