RSS   Podatności dla 'Passwordstate'   RSS

2020-10-05
 
CVE-2020-26061

CWE-640
 

 
ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user.

 
2018-08-01
 
CVE-2018-14776

CWE-79
 

 
Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document.

 


Copyright 2024, cxsecurity.com

 

Back to Top