Severity: low
Affected versions:
- Apache Answer through 1.3.5
Description:
Inadequate Encryption Strength vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.3.5.
Using the MD5 value of a user's email to access Gravatar is insecure and can
lead to the leakage of user
Severity: moderate
Affected versions:
- Apache Answer through 1.3.5
Description:
Missing Release of Resource after Effective Lifetime vulnerability in Apache
Answer.
This issue affects Apache Answer: through 1.3.5.
The password reset link remains valid within its expiration period even after
Severity: moderate
Affected versions:
- Apache Answer through 1.3.5
Description:
Missing Release of Resource after Effective Lifetime vulnerability in Apache
Answer.
This issue affects Apache Answer: through 1.3.5.
User sends multiple password reset emails, each containing a valid link. With
Severity: important
Affected versions:
- Apache Answer before 1.3.0
Description:
Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability in Apache Answer.This issue affects Apache Answer:
before 1.3.0.
XSS attack when user changes personal website.
Severity: moderate
Affected versions:
- Apache Answer through 1.2.1
Description:
Concurrent Execution using Shared Resource with Improper Synchronization ('Race
Condition') vulnerability in Apache Answer.This issue affects Apache Answer:
through 1.2.1.
Repeated submission during registration
Severity: important
Affected versions:
- Apache Answer through 1.2.1
Description:
Unrestricted Upload of File with Dangerous Type vulnerability in Apache
Answer.This issue affects Apache Answer: through 1.2.1.
Pixel Flood Attack by uploading large pixel files will cause server out of
memory.
Severity: important
Affected versions:
- Apache Answer through 1.2.1
Description:
Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability in Apache Answer.This issue affects Apache Answer:
through 1.2.1.
XSS attack when user enters summary. A logged
Severity: moderate
Affected versions:
- Apache Answer through 1.2.0
Description:
Concurrent Execution using Shared Resource with Improper Synchronization ('Race
Condition') vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.2.0.
Under normal circumstances, a user can