Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025

Stored Cross-Site Scripting (XSS) in netease-youdao/QAnything

CVE-2024-8027

Description

A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user chats. This vulnerability affects all versions prior to the fix.

Affected products

Netease Youdao/Netease Youdao/qanythingv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

huntr.com/bounties/cf75f024-3d64-416d-adfe-c4255d7c3f34mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000