2024-02-22 09:48:20
apache
PUBLISHED
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack. Users are recommended to upgrade to version [1.2.5], which fixes the issue.