Medium severity6.1NVD Advisory· Published Mar 20, 2025· Updated Jun 17, 2026
CVE-2024-8027
CVE-2024-8027
Description
A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user chats. This vulnerability affects all versions prior to the fix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <fix
- Range: unspecified
Patches
Vulnerability mechanics
References
1- huntr.com/bounties/cf75f024-3d64-416d-adfe-c4255d7c3f34nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.