{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T00:00:38.456","vulnerabilities":[{"cve":{"id":"CVE-2024-23349","sourceIdentifier":"security@apache.org","published":"2024-02-22T10:15:08.427","lastModified":"2025-03-28T20:15:21.263","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nXSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack.\n\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue."},{"lang":"es","value":"Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('cross-site Scripting') en Apache Answer. Este problema afecta a Apache Answer: hasta 1.2.1. Ataque XSS cuando el usuario ingresa un resumen. Un usuario que haya iniciado sesión, al modificar su propia pregunta enviada, puede ingresar código malicioso en el resumen para crear dicho ataque. Se recomienda a los usuarios actualizar a la versión [1.2.5], que soluciona el problema."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.1","matchCriteriaId":"F977E6DB-B10B-4AC2-BD22-EA5F228989A9"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2024/02/22/2","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2024/02/22/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}