Reimar Fritz

**Name of the Vulnerable Software and Affected Versions** Apache Answer versions prior to 2.0.1 **Description** The server fails to sufficiently validate user-supplied image URLs. This allows arbitrary external content to be embedded as profile images, potentially exposing users to unintended external requests and tracking by third-party servers. **Recommendations** Upgrade to version 2.0.1.

**Name of the Vulnerable Software and Affected Versions** Apache Answer versions prior to 2.0.1 **Description** An issue exists where user-supplied content is included in notification emails without proper escaping. This allows authenticated users to perform Cross-Site Scripting (XSS), which is the injection of malicious scripts into benign websites, by injecting arbitrary HTML into emails sent to other users. **Recommendations** Upgrade to version 2.0.1.