Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-44088

Malicious script injection ('Cross-site Scripting') vulnerability in Apache Geode web-api (REST). This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information and even account takeover. This issue affects Apache Geode: all versions prior to 1.15.2 Users are recommended to upgrade to version 1.15.2, which fixes the issue.

Published

2025-10-14T15:16:00.613

Last Modified

2025-10-20T20:08:37.223

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	geode	< 1.15.2	Yes

References

https://lists.apache.org/thread/161r34nokmcc0w74mnf04lskgb8g1d3g Mailing List, Vendor Advisory ([email protected])