apache-geode is vulnerable to cross-site scripting. The vulnerability exists in multiple functions due to data injection when using pulse web application which allows an attacker to steal the admin’s session cookie for the admin account.
www.openwall.com/lists/oss-security/2022/10/24/3
github.com/apache/geode/commit/1e6f850be8a0884585ce7456531330464e94493a
github.com/apache/geode/pull/7836
issues.apache.org/jira/browse/GEODE-10411
lists.apache.org/thread/zltlr7f2ymr2m6jj54k4z0c4foos5fwx
www.mail-archive.com/[email protected]/msg75566.html
www.openwall.com/lists/oss-security/2022/10/24/3