GHSA-cvqr-mwh6-2vc6

Source

https://github.com/advisories/GHSA-cvqr-mwh6-2vc6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-cvqr-mwh6-2vc6/GHSA-cvqr-mwh6-2vc6.json

Aliases

• CVE-2024-29217
• GO-2024-2743

Published

2024-04-21T18:30:36Z

Modified

2024-05-02T14:53:08Z

Summary

Apache Answer: XSS vulnerability when changing personal website

Details

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'/XSS) vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0.

XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue.

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-29217
• https://github.com/apache/incubator-answer
• https://lists.apache.org/thread/nc0g1borr0d3wx25jm39pn7nyf268n0x
• http://www.openwall.com/lists/oss-security/2024/04/19/1