Disclosure Date 2024/04/18

CVE-2024-29217

Apache Answer: XSS vulnerability when changing personal website

Apache Answer: 個人Webサイト変更時におけるXSS

Credit

Tsubasa (@Sz4rny)

Description

"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.

This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue."

Back

会社情報

会社概要採用情報ニュース技術ブログ#FlattSecurityMagazine脆弱性リサーチプロジェクト

サービス紹介

Shisho Cloud(シショウ クラウド)KENRO(ケンロー)

お問い合わせ

お問い合わせフォーム採用お問い合わせフォームプライバシーポリシー