EUVD-2026-35371
Basic XSS (CWE-80)
2026-06-09
GHSA-6qwm-5fm9-cvjx
GHSA-6qwm-5fm9-cvjx
5.4
CVSS 3.1 · Vendor
Share
Severity by source
Vendor (CNA)
PRIMARY
5.4
MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from Vendor (CNA) · only source for this CVE.
CVSS VectorVendor
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Lifecycle Timeline
2
CVSS changed
Jun 09, 2026 - 17:22 NVD
5.4 (MEDIUM)
Analysis Generated
Jun 09, 2026 - 08:18 vuln.today
Description PRE-NVD
Disclosed via oss-security. NVD scoring and full description are pending.
Articles & Coverage 1
AnalysisAI
HTML content injection in Apache Answer's email notification system allows authenticated users to embed arbitrary HTML markup into notification emails delivered to other platform users. All versions through 2.0.0 are affected. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Access
Authenticate to Apache Answer platform
Delivery
Submit content embedding HTML tags
Exploit
Platform generates notification email to target user
Execution
Injected HTML renders in target's email client
Impact
Target deceived via phishing or spoofed content
Access
Authenticate to Apache Answer platform
Delivery
Submit content embedding HTML tags
Exploit
Platform generates notification email to target user
Execution
Injected HTML renders in target's email client
Impact
Target deceived via phishing or spoofed content
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated Apache Answer account with permission to submit user-generated content (answers, comments, or equivalent contributions) that triggers outbound notification emails. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No CVSS base score or vector was published by NVD or Apache at time of analysis, which limits quantitative scoring. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a registered Apache Answer account submits an answer or comment containing crafted HTML - for example, a visually convincing login prompt or a link styled to impersonate an administrative alert. When another user receives the platform's notification email about the new activity, the injected HTML renders in their email client, potentially redirecting them to a credential-harvesting page or deceiving them into taking a harmful action. … |
| Remediation | Upgrade to Apache Answer 2.0.1, which the vendor confirms resolves this issue by applying proper HTML escaping to user-supplied content before it is embedded in notification email templates. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit Apache Answer deployment version and review notification system logs for suspicious HTML content patterns. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).