Lucene search
China National Vulnerability DatabaseCNVD-2022-08027HistoryJan 21, 2022 - 12:00 a.m.
Umbraco Password Reset Vulnerability
2022-01-2100:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
0.002 Low
EPSS
Percentile
57.9%
Umbraco is an open source content management system (CMS) written in C# by Umbraco Denmark. Umbraco CMS is vulnerable to a password reset vulnerability that stems from the lack of an effective trust management mechanism in the web system or product. An attacker could exploit the vulnerability to change the URL a user receives when resetting their password to intercept the reset token and thus take over the account.
| CPE | Name | Operator | Version |
|---|---|---|---|
| umbraco umbraco | lt | 9.2.0 |
Related
nvd
nvd
CVE-2022-22691
2022-01-18 17:15:10
osv
osv
CVE-2022-22691
2022-01-18 17:15:10
Umbraco ApplicationURL Overwrite
2022-01-21 23:34:24
Umbraco Persistent Password Reset Poison
2022-01-21 23:34:27
cve
cve
CVE-2022-22691
2022-01-18 17:15:10
github
github
Umbraco Persistent Password Reset Poison
2022-01-21 23:34:27
prion
prion
Design/Logic Flaw
2022-01-18 17:15:00
cvelist
cvelist
CVE-2022-22691 Umbraco Password Reset URL Poison
2022-01-18 00:00:00