Description
Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed. Users are recommended to upgrade to version 2.0.1, which fixes the issue.
References (2)
Core References
Vendor Advisory: https://lists.apache.org/thread/x42joj43rqb38ms5q60f7bgq3qbo7t5q
Scores
CVSS v3: 6.1
EPSS: 0.0036
EPSS Percentile: 27.4%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-87
Status: published
Products (2)
apache/answer: < 2.0.1
Apache Software Foundation/Apache Answer: < 2.0.0
Published: Jun 09, 2026
Tracked Since: Jun 09, 2026