11 matches found
CVE-2020-37172
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37158
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37158 AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37158 AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37158
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37158
AVideo Platform 8.1 is affected by a cross-site request forgery that enables an attacker to reset user passwords via the password recovery flow. The vulnerability arises from abusing the recoverPass endpoint using a user’s recovery token to change credentials without authentication. Affected comp...
CVE-2020-37172
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37172
CVE-2020-37172 affects AVideo Platform 8.1. The issue is a cross-site request forgery that lets an unauthenticated attacker use a user’s recovery token via the recoverPass endpoint to change credentials, including password reset. The vulnerability is evaluated with a CVSS v3.1 base score of 9.8 (...
CVE-2020-37172 AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37172 AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
PT-2026-7671
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...