CVE-2026-25688
Analyzed Analyzed - Analysis Complete

Stored XSS in Apache Answer

Publication date: 2026-06-09

Last updated on: 2026-06-10

Assigner: Apache Software Foundation

Description
Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-10
Generated
2026-06-29
AI Q&A
2026-06-09
EPSS Evaluated
2026-06-28
NVD
CVE-2026-25688
EUVD
EUVD-2026-35367

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
apache answer to 2.0.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-87 The product does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an Improper Neutralization of Alternate XSS Syntax issue in Apache Answer versions up to 2.0.0.

Specifically, AI-generated response content was rendered in the browser without proper sanitization, which allows malicious scripts to be executed when the content is viewed.

This means that attackers can inject harmful scripts that run in the context of the user's browser, potentially compromising user data or session integrity.

Impact Analysis

The vulnerability can lead to the execution of malicious scripts in users' browsers when they view AI-generated content from Apache Answer.

  • It can result in theft of sensitive information such as cookies, session tokens, or other private data.
  • It may allow attackers to perform actions on behalf of the user without their consent.
  • It can compromise the integrity and trustworthiness of the application by enabling cross-site scripting attacks.
Mitigation Strategies

To mitigate this vulnerability, users are recommended to upgrade Apache Answer to version 2.0.1, which fixes the improper neutralization of alternate XSS syntax issue.

Compliance Impact

The vulnerability involves improper neutralization of alternate XSS syntax, allowing malicious scripts to execute when AI-generated content is viewed. Such vulnerabilities can lead to unauthorized access or exposure of sensitive user data.

This type of security flaw may impact compliance with standards like GDPR and HIPAA, which require protection of personal and sensitive information against unauthorized access or disclosure.

However, the provided information does not explicitly state the direct effects on compliance with these regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25688. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart