Veracode Vulnerability Database, VERACODE:46582
History: Apr 23, 2024 - 6:38 a.m.

Cross Site Scripting

2024-04-23 06:38:55
sca.analysiscenter.veracode.com
Tags: cross site scripting, vulnerability, input neutralization, injection, malicious scripts, web page generation, personal website, attackers, user sessions

CVSS3: 4.6
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

AI Score: 6.9
Confidence: High

EPSS: 0
Percentile: 9.0%

github.com/apache/incubator-answer is vulnerable to Cross Site Scripting. The vulnerability is due to improper neutralization of input during web page generation when a user modifies their personal website. This allows attackers to inject malicious scripts into the website, which could be executed in the context of other users’ sessions.
