Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'/XSS
) vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0.
XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue.
{ "nvd_published_at": "2024-04-21T16:15:47Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-22T15:52:27Z" }