GHSA-w595-4975-gm3h · Severity: medium · Ecosystem: maven — Apache Geode web-api is vulnerable to Cross-site Scripting
Malicious script injection ('Cross-site Scripting') vulnerability in Apache Geode web-api (REST). This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information and even account takeover. This issue affects Apache Geode: all versions prior to 1.15.2 Users are recommended to upgrade to version 1.15.2, which fixes the issue.
Conclusion & alert: CVE-2024-44088 is rated Low Risk (32.5/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.08%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-03-12 | 0.15% | 0.08% | -0.07% |
| 2 | 2025-12-21 | 0.10% | 0.15% | +0.05% |
| 3 | 2025-10-21 | — | 0.10% | — |
Full EPSS history (4 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 6.1 | 3.1 | MEDIUM |
|
2.8 | 2.7 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
GHSA-w595-4975-gm3h · Severity: medium · Ecosystem: maven — Apache Geode web-api is vulnerable to Cross-site Scripting
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/161r34nokmcc0w74mnf04lskgb8g1d3g | Mailing List Vendor Advisory |
| http://www.openwall.com/lists/oss-security/2025/10/14/5 |