
List:       oss-security
Subject:    [oss-security] CVE-2024-29217: Apache Answer: XSS vulnerability when changing personal website
From:       Enxin Xie <linkinstar () apache ! org>
Date:       2024-04-19 2:07:48
Message-ID: f7354f86-7b55-333d-1dd8-66dca1ea484b () apache ! org

Severity: important

Affected versions:

- Apache Answer before 1.3.0

Description:

Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability in Apache Answer. This issue affects Apache Answer:
before 1.3.0.

An XSS attack is possible when a user changes their personal website. A
logged-in user, when modifying their personal website, can input malicious code
in the website to create such an attack. Users are recommended to upgrade to
version [1.3.0], which fixes the issue.

Credit:

Tsubasa Umeuchi (reporter)

References:

https://answer.incubator.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-29217
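
Added example, not part of the advisory and not Apache Answer's code or its 1.3.0 fix: one way to handle a user-supplied "personal website" profile field defensively in Go, by allowlisting URL schemes on input and HTML-escaping on output. The advisory does not state the exact injection vector, so the function names and the validation policy here are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"html"
	"net/url"
	"strings"
)

// ValidateWebsite (hypothetical helper) accepts only absolute http/https URLs
// that name a host and carry no credentials; it returns the re-serialised URL.
func ValidateWebsite(raw string) (string, error) {
	raw = strings.TrimSpace(raw)
	if raw == "" {
		return "", nil // an empty website field is allowed
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("unparseable website: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" { // url.Parse lowercases the scheme
		return "", errors.New("website must use http or https")
	}
	if u.Hostname() == "" || u.User != nil {
		return "", errors.New("website must name a host and carry no credentials")
	}
	return u.String(), nil // String() percent-encodes unsafe path characters
}

// RenderWebsiteLink (hypothetical helper) validates, then HTML-escapes the URL
// before placing it in both the href attribute and the link text.
func RenderWebsiteLink(raw string) (string, error) {
	clean, err := ValidateWebsite(raw)
	if err != nil || clean == "" {
		return "", err
	}
	esc := html.EscapeString(clean)
	return `<a href="` + esc + `" rel="nofollow noopener noreferrer">` + esc + `</a>`, nil
}

func main() {
	// Constructed sample inputs, not taken from the advisory.
	for _, in := range []string{"https://example.org/me", "javascript:alert(1)", `https://example.org/"><b>`} {
		out, err := RenderWebsiteLink(in)
		fmt.Printf("%q -> %q, err=%v\n", in, out, err)
	}
}
```

Validation on save does not replace escaping on render: values stored before the check was introduced still reach the template.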

