Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'/`XSS`) vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0.

XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack.
Users are recommended to upgrade to version [1.3.0], which fixes the issue.

Affected Packages

Go github.com/apache/incubator-answer

Affected versions: 0 (fixed in 1.3.0)

Related CVEs

CVE-2024-29217

Key Information

GHSA ID

GHSA-cvqr-mwh6-2vc6

Published

April 21, 2024 6:30 PM

Last Modified

February 13, 2025 7:00 PM

CVSS Score

5.0 /10

Primary Ecosystem

Primary Package

github.com/apache/incubator-answer

GitHub Reviewed

✓ Yes

Dataset

Last updated: November 25, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.