Apache Answer Cross-site Scripting vulnerability
Moderate severity
GitHub Reviewed
Published
Feb 22, 2024
to the GitHub Advisory Database
•
Updated Dec 11, 2024
Package
Affected versions
< 1.2.5
Patched versions
1.2.5
Description
Published by the National Vulnerability Database
Feb 22, 2024
Published to the GitHub Advisory Database
Feb 22, 2024
Reviewed
Feb 22, 2024
Last updated
Dec 11, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1.
XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack.
Users are recommended to upgrade to version 1.2.5, which fixes the issue.
References