2 matches found
CVE-2019-15749
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account e.g., via XSS or an unattended workstation to change that password and...
CVE-2019-15749
CVE-2019-15749 affects SITOS six Build v6.2.1. The flaw allows a user to change their password and recovery email address without confirming the change with the old password, enabling an attacker who has access to the victim’s account (e.g., via XSS or an unattended workstation) to modify credent...