{"schema_version": "1.6.1", "id": "CVE-2022-34870", "summary": "Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application", "details": "Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "Apache Geode"}, {"last_affected": "Apache Geode"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread/zltlr7f2ymr2m6jj54k4z0c4foos5fwx"}]}