By weakness (CWE)

CWE-87: related vulnerabilities

CVEs classified under CWE-87. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2026-25688MEDIUM 6.1

    Apache Answer versions through 2.0.0 contain a cross-site scripting (XSS) vulnerability in how AI-generated response content is displayed to users. When Answer generates responses using AI, the application fails to properly clean this content before showing it in the browser. This allows an attacker to inject malicious scripts that execute in a user's browser when they view the generated response. The vulnerability requires user interaction (clicking a link or viewing a page with the malicious content) but can affect multiple users if the generated response is shared or cached.