Answer Security Vulnerabilities and Issues — Answer CVE List

Lucene search

ApacheAnswer

3 matches found

CVE•added 2024/02/22 10:15 a.m.•6645 views

CVE-2024-23349

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the su...

5.4CVSS6.7AI score0.01486EPSS

CVE•added 2024/02/22 10:15 a.m.•6610 views

CVE-2024-26578

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly sub...

5.9CVSS5.7AI score0.00284EPSS

CVE•added 2024/02/22 10:15 a.m.•3835 views

CVE-2024-22393

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content.Use...

9.1CVSS9.2AI score0.21726EPSS