{"schema_version": "1.6.1", "id": "CVE-2024-44088", "summary": "Reflected XSS", "details": "Malicious script injection ('Cross-site Scripting') vulnerability in Apache Geode web-api (REST). This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information and even account takeover.\n\n\n\nThis issue affects Apache Geode: all versions prior to 1.15.2\n\nUsers are recommended to upgrade to version 1.15.2, which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "1.1.0"}, {"fixed": "1.15.2"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/161r34nokmcc0w74mnf04lskgb8g1d3g"}]}