31 matches found
Authorization Bypass
askbot is vulnerable to Authorization Bypass. The vulnerability is due to an incomplete permissions check, where an attacker authenticated with normal user permissions can modify the profile picture of other application users...
CVE-2026-1213
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...
askbot inexhaustive permissions check allows any user to modify a different user's profile picture
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...
GHSA-R2JV-FWFR-4J8C askbot inexhaustive permissions check allows any user to modify a different user's profile picture
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...
Authorization Bypass Through User-Controlled Key
Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the adminorownerrequired function in avatarview.py. An attacker can alter other users' profile images by sending crafted requests while authenticated with standard user privileges...
CVE-2026-1213
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...
CVE-2026-1213
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...
CVE-2026-1213 Askbot 0.12.2 - Insecure Direct Object Reference (IDOR)
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...
EUVD-2026-4756
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...
CVE-2026-1213
CVE-2026-1213 affects askbot up to version 0.12.2, where an attacker authenticated with normal user permissions can modify other users’ profile pictures due to inexhaustive permissions checks. Red Hat, OSV-GHSA entries, and related advisories corroborate the issue as an IDOR-like permission flaw ...
CVE-2026-1213
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...
CVE-2026-1213 Askbot 0.12.2 - Insecure Direct Object Reference (IDOR)
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...
Askbot security vulnerabilities
ASKBot is an open-source Q&A platform developed by ASKBOT. Versions of ASKBOT prior to 0.12.2 have security vulnerabilities; these vulnerabilities stem from improper access control, which could lead to the modification of other users’ profile images...
PT-2026-4914
Name of the Vulnerable Software and Affected Versions: askbot versions prior to 0.12.2. Description: An authenticated attacker with normal user permissions can modify the profile picture of other application users. Recommendations: Update to a version later than 0.12.2...
EUVD-2015-3247
Malware in sbrugna...
EUVD-2014-2275
Malware in sbrugna...
EUVD-2014-2276
Malware in sbrugna...
Askbot cross-site scripting vulnerability (CNVD-2017-32560)
Askbot is open source question-and-answer (Q&A) software based on the Django framework. The software contains modules for topic discussion, Q&A knowledge management, comments and answer forwarding. AskBot suffers from a cross-site scripting vulnerability that stems from the program failing ...
CVE-2015-3169
Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch...
Cross site scripting
Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch...