Lucene search
GoogleOSV:GHSA-8PF2-QJ4V-FJ64HistoryFeb 22, 2024 - 12:30 p.m.
Apache Answer Cross-site Scripting vulnerability
2024-02-2212:30:56
Google
osv.dev
7
apache answer
cross-site scripting
web page generation
vulnerability
upgrade
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1.
XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack.
Users are recommended to upgrade to version 1.2.5, which fixes the issue.
Related
cnvd
cnvd
Apache Answer Cross-Site Scripting Vulnerability
2024-03-14 00:00:00
github
github
Apache Answer Cross-site Scripting vulnerability
2024-02-22 12:30:56
vulnrichment
vulnrichment
CVE-2024-23349 Apache Answer: XSS vulnerability when submitting summary
2024-02-22 09:48:20
veracode
veracode
Cross-Site Scripting
2024-02-23 06:58:07
prion
prion
Cross site scripting
2024-02-22 10:15:00
osv
osv
nvd
nvd
CVE-2024-23349
2024-02-22 10:15:08
cvelist
cvelist
CVE-2024-23349 Apache Answer: XSS vulnerability when submitting summary
2024-02-22 09:48:20
cve
cve
CVE-2024-23349
2024-02-22 10:15:08