CVE-2024-23349

Name of the Vulnerable Software and Affected Versions Apache Answer versions through 1.2.1

Description The issue is related to improper neutralization of input during web page generation, also known as cross-site scripting. This occurs when a logged-in user modifies their own submitted question and inputs malicious code in the summary, creating an XSS attack.

Recommendations For Apache Answer versions through 1.2.1, upgrade to version 1.2.5, which fixes the issue. As a temporary workaround, consider restricting the input of malicious code in the summary field to minimize the risk of exploitation.