231 matches found
CVE-2023-1543
CVE-2023-1543 describes an Insufficient Session Expiration vulnerability in the open‑source knowledge base software github.com/answerdev/answer prior to version 1.0.6. The root cause is an access control weakness where a token could be reused or not invalidated after logout, enabling unauthorized...
CVE-2023-1543 Insufficient Session Expiration in answerdev/answer
Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1543 Insufficient Session Expiration in answerdev/answer
Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1535 Cross-site Scripting (XSS) - Stored in answerdev/answer
Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.7...
CVE-2023-1535
CVE-2023-1535 affects the GitHub project answerdev/answer with a Stored XSS vulnerability in versions prior to 1.0.7. The issue is caused by XSS in the application’s code path handling user input. Impact details across sources indicate cross-site execution risks for affected users. Remediation ad...
CVE-2023-1542 Business Logic Errors in answerdev/answer
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6...
PT-2023-17056 · Answerdev · Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.7 Description: The issue is related to Stored Cross-site Scripting XSS in the GitHub repository answerdev/answer. This type of attack allows an attacker to inject malicious scripts into a website, which...
CVE-2023-1542 Business Logic Errors in answerdev/answer
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1538 Observable Timing Discrepancy in answerdev/answer
Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1543 Insufficient Session Expiration in answerdev/answer
Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1540 Observable Response Discrepancy in answerdev/answer
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1542
CVE-2023-1542 concerns business logic errors in the open-source project answerdev/answer prior to version 1.0.6 . Connected sources confirm the affected component and version range and provide a remediation: upgrade to 1.0.6 or later . The issue is described consistently across Red Hat/OSV and ot...
PT-2023-17060 · Answerdev · Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.6 Description: The issue is related to improper restriction of excessive authentication attempts and a guessable CAPTCHA in the GitHub repository answerdev/answer. Recommendations: For versions prior to...
PT-2023-17058 · Unknown · Answerdev/Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.6 Description: The issue is related to Authentication Bypass by Capture-replay. This allows unauthorized access by reusing captured authentication data. There is no information provided about the estimat...
CVE-2023-1537 Authentication Bypass by Capture-replay in answerdev/answer
Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1538 Observable Timing Discrepancy in answerdev/answer
Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1536 Cross-site Scripting (XSS) - Stored in answerdev/answer
Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.7...
PT-2023-17057 · Answerdev · Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.7 Description: The issue is related to Stored Cross-site Scripting XSS in the GitHub repository answerdev/answer. This type of attack allows an attacker to inject malicious scripts into a website, which...
CVE-2023-1537 Authentication Bypass by Capture-replay in answerdev/answer
Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1540
CVE-2023-1540 concerns the open‑source knowledgebase app answerdev/answer prior to version 1.0.6. The vulnerability is described as an observable response discrepancy in the GitHub repository’s Answer before 1.0.6, enabling information disclosure during the password reset flow: an attacker could ...