MEDIUM🇬🇧 English

CVE-2024-8027

CVSS 6.1v3.0pub. 2025-03-20upd. 2025-08-01

A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user chats. This vulnerability affects all versions prior to the fix.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Youdao Qanything

    APP
    Youdao
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2024-10264CRITICAL9.8PL ✓ten sam produkt

HTTP Request Smuggling w Youdao QAnything umożliwia RCE i nieautoryzowany dostęp

CVE-2024-12864HIGH7.5ten sam produkt

A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything ...

CVE-2024-12866HIGH7.5ten sam produkt

A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability all...

CVE-2024-8024HIGH7.5ten sam produkt

A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability all...