CVE-2018-6824
Cozy version 2 contains an XSS vulnerability that lets an attacker obtain administrative access through JavaScript code in the url parameter sent to /api/proxy, demonstrated by an XMLHttpRequest using email:"[email protected]" which can be followed by a password reset. The connected documents ...