Lucene search
K
ApacheAnswer

6 matches found

CVE
CVE
added 2024/02/22 9:48 a.m.6662 views

CVE-2024-23349

Apache Answer (github.com/apache/incubator-answer) is affected by a Cross-site Scripting (XSS) flaw in the summary field present through version 1.2.1. The root cause is improper neutralization of input during web page generation, enabling a logged-in user to inject malicious code when editing th...

5.4CVSS6.7AI score0.01073EPSS
CVE
CVE
added 2024/02/22 9:28 a.m.6632 views

CVE-2024-26578

CVE-2024-26578 describes a race condition in Apache Answer (through 1.2.1) caused by concurrent access to a shared resource during user registration, enabling rapid scripted submissions to create multiple accounts with the same name. The issue is a synchronization flaw that can affect account cre...

5.9CVSS5.7AI score0.00895EPSS
CVE
CVE
added 2024/08/09 2:53 p.m.71 views

CVE-2024-41890

CVE-2024-41890 affects Apache Answer up to version 1.3.5. The root issue is Missing Release of Resource after Effective Lifetime: password reset links issued in succession can remain valid during the link’s validity period, enabling potential misuse or hijacking of a previously issued link. A fix...

5.3CVSS6.7AI score0.01149EPSS
CVE
CVE
added 2024/08/09 2:55 p.m.63 views

CVE-2024-41888

The CVE-2024-41888 issue affects Apache Answer through version 1.3.5, where the password-reset link remains valid after use (not single-use), allowing potential misuse or hijacking. The impact is limited to authentication flow abuse as described; affected components are the password reset mechani...

5.3CVSS6.7AI score0.01222EPSS
CVE
CVE
added 2024/09/25 7:31 a.m.56 views

CVE-2024-40761

Apache Answer contains an Inadequate Encryption Strength vulnerability (through version 1.3.5) where the MD5 hash of a user’s email is used to access Gravatar, risking email leakage. Mitigation: upgrade to version 1.4.0 which switches to SHA-256 per the advisory. Nuclear risk: only disclosed as l...

5.3CVSS5.3AI score0.00749EPSS
CVE
CVE
added 2026/06/09 7:35 a.m.28 views

CVE-2026-34033

CVE-2026-34033 affects Apache Answer up to version 2.0.0. The issue is an HTML content injection (basic XSS) where user-supplied content included in notification emails was not properly escaped, allowing authenticated users to inject arbitrary HTML into emails sent to other users. The CVSS vector...

5.4CVSS5.5AI score0.00372EPSS