723 matches found
GO-2023-1660 Answer vulnerable to Business Logic Errors in github.com/answerdev/answer
Answer vulnerable to Business Logic Errors in github.com/answerdev/answer...
GO-2023-1619 Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer...
GO-2023-1620 Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer...
GO-2023-1615 Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer...
GO-2023-1541 Cross-site scripting vulnerability found in answerdev/answer in github.com/answerdev/answer
Cross-site scripting vulnerability found in answerdev/answer in github.com/answerdev/answer...
GO-2023-1550 Answer contains Improper Access Control vulnerability in github.com/answerdev/answer
Answer contains Improper Access Control vulnerability in github.com/answerdev/answer...
GO-2023-1551 Answer subject to Cross-site Scripting vulnerability in github.com/answerdev/answer
Answer subject to Cross-site Scripting vulnerability in github.com/answerdev/answer...
Apache Answer Security Bypass Vulnerability
Apache Answer is a community platform of the Apache USA Foundation. A security bypass vulnerability exists in Apache Answer 1.3.5 and earlier versions, which can be exploited by an attacker to cause the link to be abused or hijacked, due to a security bypass vulnerability that stems from the...
Apache Answer Security Bypass Vulnerability (CNVD-2024-35661)
Apache Answer is a community platform of the Apache USA Foundation. A security bypass vulnerability exists in Apache Answer version 1.3.5 and prior versions, which originates when a user sends multiple password reset emails, each of which contains a valid link, and can be exploited by an attacker...
WordPress Light Poll 1.0.0 Cross Site Request Forgery Vulnerability
Exploit Title: Light Poll history.pushState'', '', '/'; document.forms0.submit; Reference: https://wpscan.com/vulnerability/d598eabd-a87a-4e3e-be46-a5c5cc3f130e/ Exploit Title: Light Poll and are valid: https://example.com/wp-admin/admin.php?page=pollsettings&task=r...
GHSA-GVPV-R32V-9737 Apache Answer: The link to reset the user's password will remain valid after sending a new link
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused o...
GHSA-V3X9-WRQ5-868J Apache Answer: The link for resetting user password is not Single-Use
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked...
Apache Answer: The link for resetting user password is not Single-Use
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked...
Apache Answer: The link to reset the user's password will remain valid after sending a new link
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused o...
CVE-2024-41890
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused o...
CVE-2024-41890
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused o...
CVE-2024-41888
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked...
CVE-2024-41888
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked...
CVE-2024-41888 Apache Answer: The link for resetting user password is not Single-Use
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked...
CVE-2024-41888
The CVE-2024-41888 issue affects Apache Answer through version 1.3.5, where the password-reset link remains valid after use (not single-use), allowing potential misuse or hijacking. The impact is limited to authentication flow abuse as described; affected components are the password reset mechani...