CVE-2023-1543 Insufficient Session Expiration in answerdev/answer

Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6...

PT-2023-17062 · Answerdev · Answer

Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.6 Description: The issue concerns Business Logic Errors in the GitHub repository answerdev/answer. Recommendations: For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue...

CVE-2023-1543

CVE-2023-1543 describes an Insufficient Session Expiration vulnerability in the open‑source knowledge base software github.com/answerdev/answer prior to version 1.0.6. The root cause is an access control weakness where a token could be reused or not invalidated after logout, enabling unauthorized...

CVE-2023-1535 Cross-site Scripting (XSS) - Stored in answerdev/answer

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.7...

CVE-2023-1538 Observable Timing Discrepancy in answerdev/answer

Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...

CVE-2023-1542 Business Logic Errors in answerdev/answer

Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6...

CVE-2023-1543 Insufficient Session Expiration in answerdev/answer

Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6...

PT-2023-17058 · Unknown · Answerdev/Answer

Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.6 Description: The issue is related to Authentication Bypass by Capture-replay. This allows unauthorized access by reusing captured authentication data. There is no information provided about the estimat...

CVE-2023-1537 Authentication Bypass by Capture-replay in answerdev/answer

Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6...

CVE-2023-1540

CVE-2023-1540 concerns the open‑source knowledgebase app answerdev/answer prior to version 1.0.6. The vulnerability is described as an observable response discrepancy in the GitHub repository’s Answer before 1.0.6, enabling information disclosure during the password reset flow: an attacker could ...

CVE-2023-1535 Cross-site Scripting (XSS) - Stored in answerdev/answer

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.7...

CVE-2023-1536

CVE-2023-1536 describes a stored Cross-site Scripting (XSS) vulnerability in the GitHub repository answerdev/answer for versions prior to 1.0.7 . The issue arises from user-supplied input being stored and subsequently reflected, enabling an attacker to execute script in an authenticated user’s co...

CVE-2023-1541

CVE-2023-1541 affects the open-source project answerdev/answer prior to version 1.0.6. The issue is a Business Logic Error arising from improper permission handling in the password-reset workflow (the /answer/admin/api/user/password path). An attacker with low privileges can modify the user_id pa...

GHSA-55VM-3VQ3-4JPC Answer vulnerable to Cross-site Scripting

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.6...

GHSA-VXHR-P2VP-7GF8 Answer vulnerable to Cross-site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository answerdev/answer prior to 1.0.6...

GHSA-5W78-V688-CX9Q Answer vulnerable to Cross-site Scripting

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.6...

Answer vulnerable to Cross-site Scripting

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.6...

CVE-2023-1239

Cross-site Scripting XSS - Reflected in GitHub repository answerdev/answer prior to 1.0.6...

CVE-2023-1241

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.6...

CVE-2023-1238

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.6...