Apache Answer vulnerable to Cross-site Scripting (XSS) Attack
CVE-2024-29217
Currently unrated 🤨
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue.
Affected Version(s)
Apache Answer < 1.3.0
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Tsubasa Umeuchi