748 matches found

Positive Technologies
added 2024/04/22 12:0 a.m. · 3 views

PT-2024-24550 · Inducer · Inducer

Name of the Vulnerable Software and Affected Versions: inducer relate versions prior to 2024.1
Description: The issue allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function. This enables the attacker to execute...

CVSS 2.6 · AI score 7.7 · EPSS 0.00249
Exploits: 1 · References: 5

CVE
added 2024/04/22 12:0 a.m. · 69 views

CVE-2024-32405

This CVE (CVE-2024-32405) affects Inducer Relate prior to 2024.1. A Cross Site Scripting (XSS) flaw exists in the InlineMultiQuestion/Answer handling within the Exam function, allowing a remote attacker to escalate privileges via a crafted payload. Root cause: unsanitized input in the Answer fiel...

CVSS 2.6 · AI score 6.7 · EPSS 0.00249
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2024/04/22 12:0 a.m. · 12 views

CVE-2024-32405

Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function...

AI score 6.6 · EPSS 0.00249
Exploits: 1 · References: 2

OSV
added 2024/04/21 6:30 p.m. · 14 views

GHSA-CVQR-MWH6-2VC6 Apache Answer: XSS vulnerability when changing personal website

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'/XSS vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in...

CVSS 5.4 · AI score 4.7 · EPSS 0.0038
Exploits: 0 · References: 4

GitHub Security Blog
added 2024/04/21 6:30 p.m. · 16 views

Apache Answer: XSS vulnerability when changing personal website

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'/XSS vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in...

CVSS 4.6 · AI score 4.7 · EPSS 0.0038
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2024/04/21 4:15 p.m. · 7 views

CVE-2024-29217

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the...

CVSS 4.6 · AI score 6.6 · EPSS 0.0038
Exploits: 0 · References: 2

OSV
added 2024/04/21 4:15 p.m. · 2 views

CVE-2024-29217

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the...

CVSS 4.6 · AI score 4.7
Exploits: 0 · References: 2

Cvelist
added 2024/04/21 4:4 p.m. · 13 views

CVE-2024-29217 Apache Answer: XSS vulnerability when changing personal website

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the...

AI score 6.8 · EPSS 0.0038
Exploits: 0 · References: 2

Vulnrichment
added 2024/04/21 4:4 p.m. · 10 views

CVE-2024-29217 Apache Answer: XSS vulnerability when changing personal website

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the...

AI score 6.9 · EPSS 0.0038
Exploits: 0 · References: 2

CVE
added 2024/04/21 4:4 p.m. · 68 views

CVE-2024-29217

CVE-2024-29217 concerns the Apache Answer project, with an XSS vulnerability caused by improper neutralization of input during web page generation. The issue affects Apache Answer prior to version 1.3.0 and can be triggered when a logged-in user edits their personal website, allowing injection of...

CVSS 4.6 · AI score 4.7 · EPSS 0.0038
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2024/04/21 12:0 a.m. · 0 views

Apache Answer Cross-Site Scripting Vulnerability

Apache Answer is a community platform of the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache Answer versions prior to 1.3.0 that stems from the presence of a cross-site scripting XSS vulnerability...

CVSS 4.6 · AI score 5.9 · EPSS 0.0038
Exploits: 0 · References: 3

Positive Technologies
added 2024/04/19 12:0 a.m. · 2 views

PT-2024-3190 · Apache · Apache Answer

Name of the Vulnerable Software and Affected Versions: Apache Answer versions prior to 1.3.0
Description: The issue is related to improper neutralization of input during web page generation, which can lead to cross-site scripting XSS attacks. A logged-in user can input malicious code in their...

CVSS 10 · AI score 5.5 · EPSS 0.0038
Exploits: 0 · References: 9

CVE
added 2024/04/09 12:54 a.m. · 45 views

CVE-2024-27899

CVE-2024-27899 affects SAP NetWeaver AS Java, specifically the User Admin Application’s Self-Registration and profile modification function, which does not enforce proper security for the content of newly defined security answers. Root cause is a misconfiguration/weak security controls in user ma...

CVSS 8.8 · AI score 8.7 · EPSS 0.0012
Exploits: 0 · References: 2

IBM Security Bulletins
added 2024/03/19 8:32 p.m. · 64 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.15 and earlier

Summary This fix upgrades to Node.js 18.19.1. Node.js is used by all IBM Answer Retrieval for Watson Discovery user interfaces. There are two categories of vulnerabilities addressed. The first allows remote attackers to gain access to the system, bypassing security restrictions. The second makes...

CVSS 9.8 · AI score 8 · EPSS 0.01642
Exploits: 0 · Affected Software: 1

CNVD
added 2024/03/14 12:0 a.m. · 22 views

Apache Answer Cross-Site Scripting Vulnerability

Apache Answer is a community platform of the Apache USA Foundation. Apache Answer 1.2.1 and earlier versions suffer from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to...

CVSS 5.4 · AI score 6.4 · EPSS 0.04798
Exploits: 0 · References: 1

CNNVD
added 2024/03/01 12:0 a.m. · 5 views

Flashcard Quiz App Cross-Site Scripting Vulnerability

Flashcard Quiz App is a dynamic tool for rems individual developers designed to promote interactive learning and knowledge retention. A cross-site scripting vulnerability exists in Flashcard Quiz App version 1.0, which stems from the parameter question/answer in the file...

CVSS 5.4 · AI score 6 · EPSS 0.00075
Exploits: 1 · References: 4

Veracode
added 2024/02/23 11:26 a.m. · 22 views

Unrestricted File Upload

github.com/apache/incubator-answer is vulnerable to Unrestricted File Upload. The vulnerability is due to missing file type checks, which allows an attacker to upload large Pixel files that cause the server to run out of memory, resulting in Denial of Service (DoS)...

CVSS 9.1 · AI score 6.8 · EPSS 0.26731
Exploits: 1 · References: 3 · Affected Software: 1

Veracode
added 2024/02/23 6:58 a.m. · 16 views

Cross-Site Scripting

github.com/apache/incubator-answer is vulnerable to Cross-site Scripting XSS. The vulnerability is due to inadequate sanitization of user input in the summary field, which allows a logged-in attacker to inject malicious code when modifying their own submitted question...

CVSS 5.4 · AI score 6.7 · EPSS 0.04798
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2024/02/22 12:30 p.m. · 16 views

GHSA-8PF2-QJ4V-FJ64 Apache Answer Cross-site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1. XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the...

CVSS 5.4 · AI score 5.4 · EPSS 0.04798
Exploits: 0 · References: 4

GitHub Security Blog
added 2024/02/22 12:30 p.m. · 22 views

Apache Answer Race Condition vulnerability

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly...

CVSS 5.9 · AI score 7 · EPSS 0.0029
Exploits: 0 · References: 4 · Affected Software: 1