An attacker can inject malicious script code into the Title text field of a question to execute it with the privileges of the site administrator. V3.8.0 is the most recent version of Question. The update history for this component reveals no other releases since 2016. Also, there are no known active exploitation cases at the time of writing. Vendors/products that are affected are: Question Vendors: None Products: None The updated version Vendors/products that are affected are: Question Vendors: None Products: None User security mechanisms such as multi-factor authentication, which most of the large enterprises already have in place, protect against XSS attacks. However, it is still important to avoid opening unsolicited emails or clicking on links in emails.
What is Question?
Question is a question-and-answer site with over 5 million monthly visitors. It has the ability to answer questions with a link back to another website. V3.8.0 of Question is the most recent version, which was released in 2016 and includes no updates since then.
Question - An Open Source questions and answer site
Question is an open-source question and answer site. Question has been around since 1999, making it a very trusted site among people in the web development industry. The most recent version of this component is V3.8.0, which was released on 2016-07-30. There are no known active exploitation cases at the time of writing. Vendors/products that are affected are: Question Vendors: None Products: None User security mechanisms such as multi-factor authentication, which most of the large enterprises already have in place, protect against XSS attacks.
Timeline
Published on: 10/17/2022 21:15:00 UTC
Last modified on: 10/20/2022 04:33:00 UTC