CVE-2022-30628
The CVE-2022-30628 entry describes an authentication flaw in Supersmart.me where an attacker can download all receipts without proper authentication. Access starts by calling the API at https://XXXX.supersmart.me/services/v4/customer/signin to obtain a TOKEN, then the API at https://XXXX.supersma...