======================================================================

                               CERT-Renater

                     Note d'Information No. 2024/VULN212
_____________________________________________________________________

DATE                : 19/04/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Answer versions prior to
                                          1.3.0.

=====================================================================
https://lists.apache.org/thread/m8qdkobgjggzhfvs9z99x0n2n8opoc1p
_____________________________________________________________________

CVE-2024-29217: Apache Answer: XSS vulnerability when changing
personal website

Severity: important

Affected versions:

- Apache Answer before 1.3.0

Description:

Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') vulnerability in Apache Answer.This issue
affects Apache Answer: before 1.3.0.

XSS attack when user changes personal website. A logged-in user,
when modifying their personal website, can input malicious code in
the website to create such an attack.

Users are recommended to upgrade to version [1.3.0], which fixes
the issue.


Credit:

Tsubasa Umeuchi (reporter)


References:

https://answer.incubator.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-29217

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================