CVE-2024-23349: Apache Answer: XSS vulnerability when submitting summary

CVE-2024-23349: Apache Answer: XSS vulnerability when submitting summary

Open Source Security [[{„value“:“

Posted by Enxin Xie on Feb 22

Severity: important

Affected versions:

– Apache Answer through 1.2.1

Description:

Improper Neutralization of Input During Web Page Generation (‚Cross-site Scripting‘) vulnerability in Apache
Answer.This issue affects Apache Answer: through 1.2.1.

XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious
code in the summary to create such an attack.

Users are…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert