Количество 2
Количество 2
CVE-2021-28128
почти 5 лет назад
In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password.
CVSS3: 8.1
EPSS: Низкий
GHSA-37hx-4mcq-wc3h
больше 4 лет назад
Weak Password Recovery Mechanism for Forgotten Password in Strapi
CVSS3: 8.1
EPSS: Низкий
Уязвимостей на страницу
20
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-28128 In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password. | CVSS3: 8.1 | 0% Низкий | почти 5 лет назад |
| GHSA-37hx-4mcq-wc3h Weak Password Recovery Mechanism for Forgotten Password in Strapi | CVSS3: 8.1 | 0% Низкий | больше 4 лет назад |
Уязвимостей на страницу
20