bcvgh/web-flash-Broken-Access-Control-vulnerability

Releases0

web-flash v3.0 Broken Access Control vulnerability

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-28270 ↗	Apr 8, 2024Monday, 8 April 2024, 19:15	8.1 HIGH	—
An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword.