2 matches found
CVE-2022-29174
CVE-2022-29174 affects countly-server. Prior to patch releases, an attacker who knows an account’s email/username and full name stored in the database could guess the password reset token, enabling password reset and potential account takeover. The issue is addressed in Countly Server version 22....
CVE-2021-32852
Countly countly-server (prior to 21.11, community edition) is vulnerable to cross-site scripting (XSS) via malicious links or redirects. An attacker must have or create an account, and successful exploitation results in script execution in the victim’s browser. The issue is patched in version 21....