PT-2024-3190 · Apache · Apache Answer

Tsubasa Umeuchi · Published 2024-04-19 · Updated 2024-07-03 · CVE-2024-29217

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache Answer versions prior to 1.3.0

Description

The issue is related to improper neutralization of input during web page generation, which can lead to cross-site scripting (XSS) attacks. A logged-in user can input malicious code in their personal website when modifying it, creating an XSS attack.

Recommendations

For versions prior to 1.3.0, upgrade to version 1.3.0, which fixes the issue. As a temporary workaround, consider restricting the ability for users to input code in their personal websites until the upgrade is applied.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-03410
CVE-2024-29217
GHSA-CVQR-MWH6-2VC6
GO-2024-2743

Affected Products

Apache Answer