Apache · Apache Answer · CVE-2024-29217
**Name of the Vulnerable Software and Affected Versions**
Apache Answer versions prior to 1.3.0
**Description**
The issue is related to improper neutralization of input during web page generation, which can lead to cross-site scripting (XSS) attacks. A logged-in user can input malicious code in their personal website when modifying it, creating an XSS attack.
**Recommendations**
For versions prior to 1.3.0, upgrade to version 1.3.0, which fixes the issue. As a temporary workaround, consider restricting the ability for users to input code in their personal websites until the upgrade is applied.