CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

231 matches found

Vulnrichment•added 2023/02/08 12:0 a.m.•5 views

CVE-2023-0741 Cross-site Scripting (XSS) - DOM in answerdev/answer

Cross-site Scripting XSS - DOM in GitHub repository answerdev/answer prior to 1.0.4...

8CVSS6.4AI score0.00871EPSS

Exploits1References2

CVE•added 2023/02/08 12:0 a.m.•47 views

CVE-2023-0741

CVE-2023-0741 : Cross-site Scripting (XSS) via DOM in the GitHub repository answerdev/answer prior to version 1.0.4 . Root cause is a DOM-based XSS vulnerability in the client-side code, enabling attacker-controlled script execution within a user session. The vulnerability is described as affecti...

9CVSS8.2AI score0.00871EPSS

Exploits1References2Affected Software1

CVE•added 2023/02/08 12:0 a.m.•71 views

CVE-2023-0740

CVE-2023-0740 describes a stored Cross-site Scripting (XSS) vulnerability in the open‑source project answerdev/answer prior to version 1.0.4 . Multiple sources (NVD, Red Hat, GHSA, OSV, PT‑Security, PRION) corroborate that inputs could be injected and stored, leading to script execution affecting...

9CVSS8.4AI score0.00714EPSS

Exploits1References2Affected Software1

CVE•added 2023/02/08 12:0 a.m.•59 views

CVE-2023-0739

CVE-2023-0739 affects the GitHub project answerdev/answer prior to 1.0.4. The issue is a race condition caused by concurrent execution using a shared resource with improper synchronization, leading to potential integrity and availability impacts. The vulnerability is documented across multiple so...

8.1CVSS6.9AI score0.0069EPSS

Exploits1References2Affected Software1

CVE•added 2023/02/08 12:0 a.m.•53 views

CVE-2023-0743

CVE-2023-0743 is a Cross-site Scripting (XSS) vulnerability in the GitHub repository answerdev/answer prior to version 1.0.4. The issue affects the answer project’s web UI/input handling and is described with high-severity CVSS metrics (C/H, I/H, A/H, user interaction required). The connected doc...

9CVSS8.4AI score0.00745EPSS

Exploits1References2Affected Software1

CVE•added 2023/02/08 12:0 a.m.•76 views

CVE-2023-0744

CVE-2023-0744 affects the GitHub repo answerdev/answer prior to version 1.0.4, enabling an Improper Access Control that can lead to account takeover via the password-reset flow. Public references describe an endpoint abuse: an attacker can trigger password reset via answer/api/v1/user/password/re...

9.8CVSS9.5AI score0.06368EPSS

Exploits4References3Affected Software1