CVE-2024-29217
Published 2024-04-21
Medium 4.6 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0.
An XSS attack is possible when a user changes their personal website. A logged-in user, when modifying their personal website, can enter malicious code in the website to create such an attack.
Users are recommended to upgrade to version 1.3.0, which fixes the issue.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | answer | < 1.3.0 | 1.3.0 |
| apache_software_foundation | apache_answer | < 1.3.0 | 1.3.0 |
| authlib | authlib | >= 0 < 1.3.1 | 1.3.1 |
| github.com | apache_incubator-answer | >= 0 < 1.3.0 | 1.3.0 |
| python-jose_project | python-jose | >= 0 < 3.4.0 | 3.4.0 |
CVSS provenance
nvd v3.1 4.6 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
ghsa 7.5 HIGH