2 matches found
CVE-2020-37158
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37158
AVideo Platform 8.1 is affected by a cross-site request forgery that enables an attacker to reset user passwords via the password recovery flow. The vulnerability arises from abusing the recoverPass endpoint using a user’s recovery token to change credentials without authentication. Affected comp...