Apache · Apache Traffic Server · CVE-2022-40743
**Name of the Vulnerable Software and Affected Versions**
Apache Traffic Server versions 9.0.0 through 9.1.3
**Description**
An Improper Input Validation vulnerability in the xdebug plugin of Apache Software Foundation Apache Traffic Server can lead to cross-site scripting and cache poisoning attacks.
**Recommendations**
For Apache Traffic Server versions 9.0.0 through 9.1.3, users should upgrade to 9.1.4 or later versions.