Description
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account (e.g., via XSS or an unattended workstation) to change that password and address.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:sitos:sitos_six:6.2.1:*:*:*:*:*:*:*
EPSS: 0.00209 (Percentile: 43%, Low)
CVSS3: 6.5 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-640
Related vulnerabilities
CVSS3: 6.5
github
more than 3 years ago
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account (e.g., via XSS or an unattended workstation) to change that password and address.