Primary

Context

Apache VCL Cross-Site Scripting Vulnerability in User Lookup Form Privilege Escalation

Vulnerability

Patched

A cross-site scripting (XSS) vulnerability has been identified in Apache VCL, specifically in the User Lookup form. This issue arises from improper input handling during web page generation. Users with the necessary rights to access this part of the site can create a URL or be manipulated into clicking a link that grants elevated privileges to a specified user. The vulnerability affects all Apache VCL versions prior to 2.5.1.

Impact

Exploitation of this vulnerability allows for cross-site scripting, with the potential to escalate privileges for a specified user.

Remediation

Users are advised to upgrade to Apache VCL version 2.5.2, which addresses this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

1.7

exploitability

4.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

1.7

exploitability

4.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache VCL Cross-Site Scripting Vulnerability in User Lookup Form Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

Apache VCL

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating