CVE-2024-23349

CVSS V2 None CVSS V3 None
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack. Users are recommended to upgrade to version [1.2.5], which fixes the issue.
Overview
  • CVE ID
  • CVE-2024-23349
  • Assigner
  • apache
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-02-22T09:48:20.873Z
  • Last Modified Date
  • 2024-02-22T09:48:20.873Z
History
Created Old Value New Value Data Type Notes
2024-06-26 07:10:50 Added to TrackCVE