CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8027

A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user chats. This vulnerability affects all versions prior to the fix.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.5%

CVSS Severity

CVSS v3 Score 6.1

References

https://huntr.com/bounties/cf75f024-3d64-416d-adfe-c4255d7c3f34

Products affected by CVE-2024-8027

Youdao » Qanything » Version: N/A

cpe:2.3:a:youdao:qanything:-
Youdao » Qanything » Version: 1.1.0

cpe:2.3:a:youdao:qanything:1.1.0
Youdao » Qanything » Version: 1.1.1

cpe:2.3:a:youdao:qanything:1.1.1
Youdao » Qanything » Version: 1.2.0

cpe:2.3:a:youdao:qanything:1.2.0
Youdao » Qanything » Version: 1.3.0

cpe:2.3:a:youdao:qanything:1.3.0
Youdao » Qanything » Version: 1.3.3

cpe:2.3:a:youdao:qanything:1.3.3
Youdao » Qanything » Version: 1.4.1

cpe:2.3:a:youdao:qanything:1.4.1
Youdao » Qanything » Version: 1.4.2

cpe:2.3:a:youdao:qanything:1.4.2
Youdao » Qanything » Version: 2.0.0

cpe:2.3:a:youdao:qanything:2.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8027

Products

Pricing

Contact Us