Improper access control

Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4...

Answer vulnerable to Race Condition

Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4...

CVE-2023-0739

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' in GitHub repository answerdev/answer prior to 1.0.4...

PT-2023-16493 · Answerdev · Answer

Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.4 Description: The issue is a Cross-site Scripting XSS - Stored vulnerability found in the GitHub repository answerdev/answer. This type of vulnerability allows an attacker to inject malicious scripts in...

CVE-2023-0742 Cross-site Scripting (XSS) - Stored in answerdev/answer

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.4...

CVE-2023-0743 Cross-site Scripting (XSS) - Generic in answerdev/answer

Cross-site Scripting XSS - Generic in GitHub repository answerdev/answer prior to 1.0.4...

CVE-2023-0744 Improper Access Control in answerdev/answer

Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4...

CVE-2023-0739 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in answerdev/answer

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' in GitHub repository answerdev/answer prior to 1.0.4...

CVE-2023-0742 Cross-site Scripting (XSS) - Stored in answerdev/answer

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.4...

CVE-2023-0741 Cross-site Scripting (XSS) - DOM in answerdev/answer

Cross-site Scripting XSS - DOM in GitHub repository answerdev/answer prior to 1.0.4...

CVE-2023-0744

CVE-2023-0744 affects the GitHub repo answerdev/answer prior to version 1.0.4, enabling an Improper Access Control that can lead to account takeover via the password-reset flow. Public references describe an endpoint abuse: an attacker can trigger password reset via answer/api/v1/user/password/re...

CVE-2023-0739 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in answerdev/answer

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' in GitHub repository answerdev/answer prior to 1.0.4...

CVE-2023-0741

CVE-2023-0741 : Cross-site Scripting (XSS) via DOM in the GitHub repository answerdev/answer prior to version 1.0.4 . Root cause is a DOM-based XSS vulnerability in the client-side code, enabling attacker-controlled script execution within a user session. The vulnerability is described as affecti...

CVE-2023-0740 Cross-site Scripting (XSS) - Stored in answerdev/answer

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.4...

CVE-2023-0741 Cross-site Scripting (XSS) - DOM in answerdev/answer

Cross-site Scripting XSS - DOM in GitHub repository answerdev/answer prior to 1.0.4...

PT-2023-16495 · Unknown · Answerdev/Answer

Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.4 Description: The issue is related to a Cross-site Scripting XSS - Stored vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, which can then be...