Hashtopussy Security Vulnerabilities and Issues — Hashtopussy CVE List

Lucene search

Project HashtopussyHashtopussy

2 matches found

CVE•added 2017/07/27 6:29 a.m.•36 views

CVE-2017-11680

Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php.

8.8CVSS8.9AI score0.00134EPSS

CVE•added 2017/07/27 6:29 a.m.•34 views

CVE-2017-11681

Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php.

8.8CVSS8.5AI score0.00574EPSS