typo3/cms-core is vulnerable to information disclosure. A remote attacker is able to discover valid email address via the password reset function by analyzing the server response time upon submitting the password reset with an arbitrary email address.
CPE | Name | Operator | Version |
---|---|---|---|
typo3/cms-core | le | 10.4.1 |