Description
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).
Remediation
References
Related Vulnerabilities
WordPress Plugin Browser Blocker Cross-Site Scripting (0.5.6)
MySQL CVE-2019-2774 Vulnerability (CVE-2019-2774)
WordPress 4.0.x Denial of Service Vulnerability (4.0 - 4.0.22)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.73)
Atlassian Confluence CVE-2023-22508 Vulnerability (CVE-2023-22508)