CVE-2024-8027
20.03.2025, 10:15
A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user chats. This vulnerability affects all versions prior to the fix.
Awaiting analysis
This vulnerability is currently awaiting analysis.