2 matches found
Unverified Password Change
Overview Affected versions of this package are vulnerable to Unverified Password Change via the password change process in the back office. An attacker can gain unauthorized access to change account credentials by exploiting the lack of previous password validation during the password change...
Cross-Site Scripting (XSS)
ezsystems/ezplatform-admin-ui is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization and failure to properly escape in editable fields within the back office, allowing malicious scripts to be stored and later executed...