4 matches found
OneUptime: Password Reset Token Logged at INFO Level
Summary The password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log aggregation, Docker logs, Kubernetes pod logs can intercept reset tokens and perfo...
WordPress Dataverse Integration Missing Authorization Vulnerability
WordPress Dataverse Integration is a plugin mainly used to connect WordPress with Dataverse to achieve two-way data synchronization and business application integration. WordPress Dataverse Integration suffers from a lack of authorization vulnerability, which stems from a lack of authorization...
WordPress plugin Dataverse Integration 安全漏洞
WordPress Dataverse Integration is a plugin mainly used to connect WordPress with Dataverse to achieve two-way data synchronization and business application integration. WordPress Dataverse Integration suffers from a lack of authorization vulnerability, which stems from a lack of authorization...
Logic flaw vulnerability in human capital management platform of P&L Software Co.
P&T Software is a large-scale enterprise management informatization solutions and IT integrated service provider, mainly for petroleum, chemical, construction, real estate, electric power, minerals, equipment manufacturing, banking, insurance, government and other industries, widely engaged in...