CVE-2026-5779 Multiple vulnerabilities in MphRx's Minerva
An insecure direct object reference IDOR vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an...
Silverpeas Core Username Enumeration Vulnerability
A user enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter...
PT-2025-35568
Name of the Vulnerable Software and Affected Versions: Silverpeas versions 6.4.1 through 6.4.2 Description: A user enumeration issue exists in the /CredentialsServlet/ForgotPassword endpoint. This allows remote attackers to determine valid usernames via the Login parameter. Recommendations:...
CVE-2025-29529
ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx...
PT-2025-17858 · Itc Systems · Itc Systems Multiplan/Matrix Onecard
Name of the Vulnerable Software and Affected Versions: ITC Systems Multiplan/Matrix OneCard platform version 3.7.4.1002 Description: The issue is related to a SQL injection vulnerability. It affects the Forgotpassword.aspx component. Recommendations: For version 3.7.4.1002, consider restricting...
CVE-2025-29529
CVE-2025-29529 relates to SQL injection in ITC Systems Multiplan/Matrix OneCard platform, specifically in Forgotpassword.aspx of version 3.7.4.1002. The vulnerability arises from a flaw in the Forgotpassword.aspx component that enables SQL injection. Affected product is ITC Systems Multiplan/Matr...
PT-2025-3969 · Facile Sistemas · Facile Sistemas Cloud Apps
Name of the Vulnerable Software and Affected Versions: Facile Sistemas Cloud Apps up to 20250107 Description: A vulnerability was found in the Password Reset Handler component of Facile Sistemas Cloud Apps, affecting an unknown function of the file /account/forgotpassword. The manipulation of the...
PT-2024-27750 · Gladinet · Gladinet Centrestack
Name of the Vulnerable Software and Affected Versions: Gladinet CentreStack version 13.12.9934.54690 Description: A reflected cross-site scripting XSS issue allows attackers to inject malicious JavaScript into a victim's web browser via the sessionId parameter at the "/portal/ForgotPassword.aspx"...
CVE-2024-10287
CVE-2024-10287 describes a Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9. A remote attacker can craft a query to an authenticated user via the /mlss/ForgotPassword endpoint, abusing the ListName parameter to steal session details. The CVSS v3.1 base score is 6.1 (Medium), w...
CVE-2024-10287 Cross-Site Scripting (XSS) vulnerability in LocalServer
Cross-Site Scripting XSS vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName...
LocalServer cross-site scripting vulnerability
LocalServer is a web server software for Windows from the individual developer murdas83. A cross-site scripting vulnerability exists in LocalServer version 1.0.9, which can be exploited to obtain sensitive information from a user session via the ListName parameter on the /mlss/ForgotPassword page...
Apache OFBiz Forgot Password Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache OFBiz Forgot Password Directory Traversal', 'Description' = %q Apache OFBiz versions prior to 18.12.13 are vulnerable to a path traversal...
milpower.com XSS vulnerability
Open Bug Bounty ID: OBB-600042

Description | Value
---|---
Affected Website: | milpower.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
esouthhampton.com XSS vulnerability
Open Bug Bounty ID: OBB-577271

Description | Value
---|---
Affected Website: | esouthhampton.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
assurmember.be XSS vulnerability
Vulnerable URL: http://www.assurmember.be/Common/ForgotPassword.asp?Action=Send=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 16.01.2018
Vulnerability type: | XSS

Vulnerability...
egov.eeoc.gov XSS vulnerability
Vulnerable URL: https://egov.eeoc.gov/eeo5/forgotPassword.htm

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 28.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank: | Unknown / Not calculated
VIP website status: | No

Check egov.eeoc.gov SS...
Cross site request forgery (csrf)
CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token...
CVE-2017-5959
CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token...
orbitz.com XSS vulnerability
Vulnerable URL: https://www.orbitz.com/user/forgotpassword

Details:

Description | Value
---|---
Patched: | Yes, at
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank: | 2673
VIP website status: | Yes
Check orbitz.com SSL connection: | Grade: A

Coordinated Disclosure Timeline:...