3 matches found
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via URL parsing differentials in unauthenticated endpoints. An attacker can redirect users to external sites by crafting malicious URLs that bypass external URL detection after actions such as form submissions or...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the Antlers-enabled control panel inputs. An attacker can execute arbitrary code in the application context by submitting specially crafted content to fields. This can result in full compromise of the...
Weak Password Recovery Mechanism for Forgotten Password
Overview Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password in the password reset process. An attacker can gain unauthorized access to user accounts by injecting a malicious password reset link and capturing the reset token if the legitimat...