PT-2024-29621 · Apache · Apache Answer
Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.3.5 Description: The issue affects Apache Answer, where a user can send multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link...
GO-2024-2580 Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer
Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer...
GO-2024-2743 XSS vulnerability via personal website in github.com/apache/incubator-answer
XSS vulnerability via personal website in github.com/apache/incubator-answer...
GHSA-CVQR-MWH6-2VC6 Apache Answer: XSS vulnerability when changing personal website
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'/XSS vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in...
Apache Answer: XSS vulnerability when changing personal website
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'/XSS vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in...
CVE-2024-29217
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the...
CVE-2024-29217 Apache Answer: XSS vulnerability when changing personal website
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the...
CVE-2024-29217
CVE-2024-29217 concerns the Apache Answer project, with an XSS vulnerability caused by improper neutralization of input during web page generation. The issue affects Apache Answer prior to version 1.3.0 and can be triggered when a logged-in user edits their personal website, allowing injection of...
Apache Answer Cross-Site Scripting Vulnerability
Apache Answer is a community platform of the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache Answer versions prior to 1.3.0 that stems from the presence of a cross-site scripting (XSS) vulnerability...
PT-2024-3190 · Apache · Apache Answer
Name of the Vulnerable Software and Affected Versions: Apache Answer versions prior to 1.3.0 Description: The issue is related to improper neutralization of input during web page generation, which can lead to cross-site scripting (XSS) attacks. A logged-in user can input malicious code in their...
Apache Answer Cross-Site Scripting Vulnerability
Apache Answer is a community platform of the Apache USA Foundation. Apache Answer 1.2.1 and earlier versions suffer from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to...
GHSA-8PF2-QJ4V-FJ64 Apache Answer Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1. XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the...
Apache Answer Race Condition vulnerability
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly...
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content...
Apache Answer Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1. XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the...
GHSA-RMQP-MVV2-54C6 Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content...
GHSA-9Q24-HWMC-797X Apache Answer Race Condition vulnerability
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly...
CVE-2024-26578
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly...