6.1
CVE-2026-25688
- EPSS 0.41%
- Veröffentlicht 09.06.2026 07:32:23
- Zuletzt bearbeitet 10.06.2026 13:12:50
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache Answer: XSS in AI Answer Rendering
Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed. Users are recommended to upgrade to version 2.0.1, which fixes the issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.323 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-87 Improper Neutralization of Alternate XSS Syntax
The product does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.
https://lists.apache.org/thread/x42joj43rqb38ms5q60f7bgq3qbo7t5q
http://www.openwall.com/lists/oss-security/2026/06/09/7