CVE-2026-25688

EUVD-2026-35367
Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer.

This issue affects Apache Answer: through 2.0.0.

AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed.
Users are recommended to upgrade to version 2.0.1, which fixes the issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
apacheCNA
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
apacheanswer
𝑥
≤ 2.0.0
CNA
Common Weakness Enumeration
References
https://lists.apache.org/thread/x42joj43rqb38ms5q60f7bgq3qbo7t5q
http://www.openwall.com/lists/oss-security/2026/06/09/7