CVE-2024-8027

Name of the Vulnerable Software and Affected Versions netease-youdao/QAnything versions prior to the fixed version

Description A stored Cross-Site Scripting (XSS) issue exists, allowing attackers to upload malicious knowledge files to the knowledge base. These files can trigger XSS attacks during user chats.

Recommendations For versions prior to the fixed version, update to the fixed version to resolve the issue. As a temporary workaround, consider restricting the upload of knowledge files to trusted sources until the patch is applied. Avoid using the vulnerable knowledge base feature until the issue is resolved.