CVE-2024-29217

Apache Answer: XSS vulnerability when changing personal website (Apache Answer: 個人Webサイト変更時におけるXSS)

"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.

This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue."

Disclosure Date

2024/04/18

Credit

Tsubasa (@Sz4rny)

Back