2025-03-25 09:33:44
apache
PUBLISHED
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevated rights. This issue affects all versions of Apache VCL through 2.5.1. Users are recommended to upgrade to version 2.5.2, which fixes the issue.