
Lyaa

Researcher from JeeseenSec
#46715 of 53,625
5.4 Total CVSS
Vulnerabilities · 1
PT-2024-19828
5.4
2024-02-22
Apache · Apache Answer · CVE-2024-23349
**Name of the Vulnerable Software and Affected Versions**
Apache Answer versions through 1.2.1

**Description**
The issue is related to improper neutralization of input during web page generation, also known as cross-site scripting. This occurs when a logged-in user modifies their own submitted question and inputs malicious code in the summary, creating an XSS attack.

**Recommendations**
For Apache Answer versions through 1.2.1, upgrade to version 1.2.5, which fixes the issue. As a temporary workaround, consider restricting the input of malicious code in the summary field to minimize the risk of exploitation.