4 matches found
Weak Password Recovery Mechanism for Forgotten Password
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via an empty confirmhash value to verify.php. Remediation: Upgrade mantisbt/mantisbt to version 1.3.10, 2.2.4, 2.3.1 or higher. References...
PT-2017-17844 · Mantisbt · Mantisbt
Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 2.3.1 Description: The issue allows for arbitrary password reset and unauthenticated admin access. This is achieved by providing an empty confirm hash value to the "verify.php" endpoint. Recommendations: For version...
GForge 4.64.53.1 - Verify.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/25923/info GForge is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. A fix is available from the vendor. Exploiting this issue could allow an...
GForge 4.6/4.5/3.1 - 'Verify.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/25923/info GForge is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. A fix is available from the vendor. Exploiting this issue could allow an attacker to steal cookie-based authentication...