{"schema_version": "1.6.1", "id": "CVE-2024-53679", "summary": "XSS vulnerability in User Lookup impacting user privileges", "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevated rights.\n\n\n\nThis issue affects all versions of Apache VCL through 2.5.1.\n\n\n\nUsers are recommended to upgrade to version 2.5.2, which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "2.1"}, {"last_affected": "2.1"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/bq5vs0hndt9cz9b6rpfr5on1nd4qrmyr"}]}