2 matches found
CVE-2017-11680
Cross-Site Request Forgery CSRF exists in Hashtopussy 0.4.0, allowing an admin password change via users.php...
CVE-2017-11680
In Hashtopussy 0.4.0, a Cross-Site Request Forgery (CSRF) vulnerability exists that enables an attacker to change the administrator password via the users.php endpoint. The issue is documented across multiple sources (CVE-2017-11680) with CVSS v3.0 base score 8.8 (HIGH) and CVSS v2.0 base score 6...