CVE-2023-0740

9.0 CRITICAL

📋 TL;DR

This stored cross-site scripting (XSS) vulnerability in the Answer software allows attackers to inject malicious scripts that execute in users' browsers when viewing affected content. Users of Answer versions prior to 1.0.4 are affected, potentially leading to session hijacking, credential theft, or malware distribution.

💻 Affected Systems

Products:
  • Answer (answerdev/answer)
Versions: All versions prior to 1.0.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments of Answer where user-generated content is displayed without proper sanitization.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, take over administrative accounts, deface the platform, or distribute malware to all users accessing the compromised content.

🟠

Likely Case

Attackers inject malicious JavaScript to steal user session cookies, redirect users to phishing sites, or perform actions on behalf of authenticated users.

🟢

If Mitigated

With proper input validation and output encoding, malicious scripts are rendered harmless as plain text rather than executable code.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to submit content to the platform (typically authenticated access). The vulnerability is well-documented with public proof-of-concept available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.4

Vendor Advisory: https://github.com/answerdev/answer/commit/c3001de52af91f09c96e701facbce0b9fa0c98ad

Restart Required: Yes

Instructions:

1. Backup your current Answer installation and database.
2. Update to Answer version 1.0.4 or later using your package manager or by downloading from GitHub.
3. Restart the Answer service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Content Security Policy (CSP)

Applies to: all

Implement a strict Content Security Policy to restrict script execution sources

Send the header Content-Security-Policy: default-src 'self'; script-src 'self' with every HTTP response

Input Sanitization Filter

Applies to: all

Deploy a web application firewall or reverse proxy with XSS filtering

🧯 If You Can't Patch

  • Disable user-generated content submission features
  • Implement strict output encoding for all user-controlled data displayed in web pages
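The two mitigations above (the CSP header from the workarounds section and strict output encoding of user-controlled data) can be illustrated together. Answer is a Go application, so the following is a Go example added here; it is not code from the Answer project or from the advisory's fix commit. The middleware name, the template, the `/post` route and the sample post body are all constructed for illustration; `html/template` and `net/http` are standard-library packages whose behaviour is as shown.

```go
package main

import (
	"bytes"
	"html/template"
	"log"
	"net/http"
)

// cspPolicy is the header value the advisory suggests as a workaround.
// It allows scripts only from the site's own origin and, because it omits
// 'unsafe-inline', blocks inline <script> blocks and on* attribute handlers.
const cspPolicy = "default-src 'self'; script-src 'self'"

// withCSP is a hypothetical middleware that stamps the policy on every response.
func withCSP(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Security-Policy", cspPolicy)
		next.ServeHTTP(w, r)
	})
}

// postTmpl is a hypothetical page template. html/template escapes each
// {{...}} action for the HTML context it sits in, so user-controlled text is
// emitted as inert text rather than as markup.
var postTmpl = template.Must(template.New("post").Parse(
	`<h1>{{.Title}}</h1><div class="body">{{.Body}}</div>`))

type post struct{ Title, Body string }

// RenderPost returns the output-encoded HTML for one user-submitted post.
func RenderPost(title, body string) (string, error) {
	var buf bytes.Buffer
	if err := postTmpl.Execute(&buf, post{Title: title, Body: body}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// postHandler serves a constructed sample post containing a script tag,
// standing in for content that would normally be read from the database.
func postHandler(w http.ResponseWriter, r *http.Request) {
	page, err := RenderPost("Sample question", `<script>alert(1)</script>`)
	if err != nil {
		http.Error(w, "render failed", http.StatusInternalServerError)
		return
	}
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	_, _ = w.Write([]byte(page))
}

func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/post", postHandler)
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", withCSP(mux)))
}
```

Two practical caveats. A policy without 'unsafe-inline' will also block any inline scripts the application's own front end relies on, so check that pages still load after deploying it. And full escaping as above is only correct where the field is meant to be plain text; where a Q&A application intentionally renders Markdown or HTML, the rendered output has to pass through an allow-list HTML sanitizer instead, since escaping it would destroy the formatting users expect.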

🔍 How to Verify

Check if Vulnerable:

Check if your Answer version is below 1.0.4 by examining the version file or running the version command

Check Version:

Check Answer configuration files or run 'answer --version' if available

Verify Fix Applied:

After updating, verify the version is 1.0.4 or higher and test that user input containing script tags is properly sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual content submissions containing script tags or JavaScript code
  • Multiple failed sanitization attempts

Network Indicators:

  • HTTP requests containing suspicious script payloads in POST data
  • Unexpected external script loads from user content

SIEM Query:

source="answer.log" AND ("<script" OR "javascript:" OR "onload=" OR "onerror=")
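The SIEM query above matches the four indicator strings literally. The following Go example, added here and not part of the advisory, applies the same indicators to sample log lines and goes one step further than the query: it lowercases and percent-decodes each line first, so a payload that arrives URL-encoded in a POST body or in mixed case is still caught. The log lines and their format are constructed for this example and are not Answer's real log format.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// indicators are the terms from the advisory's SIEM query.
var indicators = []string{"<script", "javascript:", "onload=", "onerror="}

// normalize lowercases a line and percent-decodes it so that payloads that
// arrive URL-encoded in POST bodies, or with mixed case, still match.
func normalize(line string) string {
	lower := strings.ToLower(line)
	if decoded, err := url.QueryUnescape(lower); err == nil {
		return decoded
	}
	return lower // malformed escapes: fall back to the raw lowercase line
}

// MatchIndicators returns every indicator present in one log line.
func MatchIndicators(line string) []string {
	n := normalize(line)
	var hits []string
	for _, ind := range indicators {
		if strings.Contains(n, ind) {
			hits = append(hits, ind)
		}
	}
	return hits
}

// ScanLog maps the index of each flagged line to the indicators it contains.
func ScanLog(lines []string) map[int][]string {
	found := make(map[int][]string)
	for i, line := range lines {
		if hits := MatchIndicators(line); len(hits) > 0 {
			found[i] = hits
		}
	}
	return found
}

// sampleLog is constructed for this example (hypothetical format, not Answer's).
var sampleLog = []string{
	`2023-02-10T10:01:02Z POST /api/v1/question user=42 body="title=Help&content=How do I reset my password?"`,
	`2023-02-10T10:02:15Z POST /api/v1/answer user=77 body="content=%3Cscript%3Ealert(1)%3C%2Fscript%3E"`,
	`2023-02-10T10:03:40Z POST /api/v1/comment user=77 body="content=<img src=x onerror=alert(1)>"`,
	`2023-02-10T10:04:05Z POST /api/v1/answer user=77 body="content=<a href=JavaScript:void(0)>click</a>"`,
	`2023-02-10T10:05:30Z POST /api/v1/question user=13 body="content=What fires first, DOMContentLoaded or the onload event?"`,
}

func main() {
	for i, hits := range ScanLog(sampleLog) {
		fmt.Printf("line %d: %v\n", i, hits)
	}
}
```

On a Q&A site that hosts programming questions, legitimate posts will contain `<script` inside code blocks, so treat a match as a triage signal rather than an alert on its own; restricting the rule to the content-submission routes and correlating by user (as the repeated `user=77` in the sample suggests) keeps the false-positive rate workable.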
