CVE-2024-29217
April 21, 2024, 4:15 p.m.
Tags
Product(s) Impacted
Apache Answer
- before 1.3.0
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue.
Weaknesses
Date
Published: April 21, 2024, 4:15 p.m.
Last Modified: April 21, 2024, 4:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security@apache.org
References
https://lists.apache.org/
security@apache.org