CVE-2024-8027 Information

Description

A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base which can trigger XSS attacks during user chats. This vulnerability affects all versions prior to the fix.

Reference

https://huntr.com/bounties/cf75f024-3d64-416d-adfe-c4255d7c3f34