CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses

2024-09-24 Enxin Xie
Severity: low Affected versions: - Apache Answer through 1.3.5 Description: Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user

CVE-2024-41888: Apache Answer: The link for resetting user password is not Single-Use

2024-08-09 Enxin Xie
Severity: moderate Affected versions: - Apache Answer through 1.3.5 Description: Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after

CVE-2024-41890: Apache Answer: The link to reset the user's password will remain valid after sending a new link

2024-08-09 Enxin Xie
Severity: moderate Affected versions: - Apache Answer through 1.3.5 Description: Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. With

CVE-2024-29217: Apache Answer: XSS vulnerability when changing personal website

2024-04-18 Enxin Xie
Severity: important Affected versions: - Apache Answer before 1.3.0 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website.

CVE-2024-26578: Apache Answer: Repeated submission at registration created duplicate users with the same name

2024-02-22 Enxin Xie
Severity: moderate Affected versions: - Apache Answer through 1.2.1 Description: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Repeated submission during registration

CVE-2024-22393: Apache Answer: Pixel Flood Attack by uploading the large pixel file

2024-02-22 Enxin Xie
Severity: important Affected versions: - Apache Answer through 1.2.1 Description: Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause the server to run out of memory.

CVE-2024-23349: Apache Answer: XSS vulnerability when submitting summary

2024-02-22 Enxin Xie
Severity: important Affected versions: - Apache Answer through 1.2.1 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. XSS attack when user enters summary. A logged

CVE-2023-49619: Apache Answer: Repeated submissions using scripts resulted in an abnormal number of collections for questions.

2024-01-10 Enxin Xie
Severity: moderate Affected versions: - Apache Answer through 1.2.0 Description: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can