Affected versions:
- Apache VCL 2.1 through 2.5.1
Description:
Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability in Apache VCL in the User Lookup form. A user with
sufficient rights to be able to view this part of the site can craft a URL or
be tricked in to clicking a URL that will give a specified user elevated rights.
This issue affects all versions of Apache VCL through 2.5.1.
Users are recommended to upgrade to version 2.5.2, which fixes the issue.
Credit:
Chiencp and Nothing from TeamTonTac (finder)
References:
https://vcl.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-53679
