CVE-2024-53679
- EPSS 0.05%
- Published 25.03.2025 09:33:44
- Last modified 14.07.2025 18:06:36
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to click...
CVE-2024-53678
- EPSS 0.04%
- Published 25.03.2025 09:33:36
- Last modified 14.07.2025 18:06:14
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that a SELECT SQL statement is modified. The data retur...
CVE-2013-0267
- EPSS 0.33%
- Published 21.02.2018 15:29:00
- Last modified 21.11.2024 01:47:11
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a de...