PT-2024-29619 · Apache · Apache Answer
Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.3.5
Description: The password reset link remains valid within its expiration period even after it has been used, potentially leading to misuse or hijacking.
Recommendations: For Apache Answer versions through...
PT-2024-29621 · Apache · Apache Answer
Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.3.5
Description: The issue affects Apache Answer, where a user can send multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link...
Malicious code in sap-answer (npm)
Source: ossf-package-analysis (79e44eeafd340f3bbc96c929c1594aa40e955c4c86c21b1d211ef5ad5563f02b). The OpenSSF Package Analysis project identified 'sap-answer' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package...
MAL-2024-7550 Malicious code in sap-answer (npm)
Source: ossf-package-analysis (79e44eeafd340f3bbc96c929c1594aa40e955c4c86c21b1d211ef5ad5563f02b). The OpenSSF Package Analysis project identified 'sap-answer' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package...
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.17 and earlier
Summary: This fix upgrades to WebSphere Liberty 24.0.0.6, socket.io 3.0.2, and grpc-js 1.8.22. WebSphere Liberty is used by the IBM Answer Retrieval for Watson Discovery swagger microservice. Socket.io and grpc-js are used by the IBM Answer Retrieval for Watson Discovery user interfaces for...
GO-2024-2579 Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability in github.com/apache/incubator-answer
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability in github.com/apache/incubator-answer...
GO-2024-2580 Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer
Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer...
GO-2024-2578 Apache Answer Cross-site Scripting vulnerability in github.com/apache/incubator-answer
Apache Answer Cross-site Scripting vulnerability in github.com/apache/incubator-answer...
The vulnerability of the Apache Answer Q&A platform, related to the lack of measures taken to protect the website structure, allows attackers to execute cross-site scripting attacks.
The vulnerability of the Apache Answer Q&A platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks...
GO-2024-2743 XSS vulnerability via personal website in github.com/apache/incubator-answer
XSS vulnerability via personal website in github.com/apache/incubator-answer...
CVE-2024-32405
Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function...
PT-2024-24550 · Inducer · Inducer
Name of the Vulnerable Software and Affected Versions: inducer relate versions prior to 2024.1
Description: The issue allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function. This enables the attacker to execute...
CVE-2024-32405
This CVE (CVE-2024-32405) affects Inducer Relate prior to 2024.1. A Cross Site Scripting (XSS) flaw exists in the InlineMultiQuestion/Answer handling within the Exam function, allowing a remote attacker to escalate privileges via a crafted payload. Root cause: unsanitized input in the Answer fiel...
GHSA-CVQR-MWH6-2VC6 Apache Answer: XSS vulnerability when changing personal website
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'/XSS) vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in...
Apache Answer: XSS vulnerability when changing personal website
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'/XSS) vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in...
CVE-2024-29217
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the...
CVE-2024-29217 Apache Answer: XSS vulnerability when changing personal website
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the...